Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-01-09 CVE-2024-12616 The Bitly's WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 2.7.3.
network
low complexity
CWE-862
4.3
4.3
2025-01-09 CVE-2024-12618 The Newsletter2Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resetStyles' AJAX action in all versions up to, and including, 4.0.14.
network
low complexity
CWE-862
4.3
4.3
2025-01-09 CVE-2024-12621 The Yumpu E-Paper publishing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'YUMPU' shortcode in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-01-09 CVE-2024-12819 The Searchie plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sio_embed_media' shortcode in all versions up to, and including, 1.17.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-01-09 CVE-2024-5769 The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.0.2.
network
low complexity
CWE-862
4.3
4.3
2025-01-09 CVE-2024-6155 The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to, and including, 9.0.0 due to a missing capability check in the greenshift_download_file_localy function, along with no SSRF protection and sanitization on uploaded SVG files.
network
low complexity
CWE-862
6.4
6.4
2025-01-09 CVE-2024-13153 Cross-site Scripting vulnerability in Unlimited-Elements Unlimited Elements for Elementor
The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.135 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
unlimited-elements CWE-79
5.4
5.4
2025-01-09 CVE-2025-0342 Code Injection vulnerability in Campcodes Computer Laboratory Management System 1.0
A vulnerability, which was classified as problematic, was found in CampCodes Computer Laboratory Management System 1.0.
network
low complexity
campcodes CWE-94
5.4
5.4
2025-01-09 CVE-2025-0339 Cross-site Scripting vulnerability in Fabianros Online Bike Rental System 1.0
A vulnerability classified as problematic has been found in code-projects Online Bike Rental 1.0.
network
low complexity
fabianros CWE-79
6.1
6.1
2025-01-09 CVE-2024-56826 A flaw was found in the OpenJPEG project.
local
low complexity
CWE-122
5.6
5.6