Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-02-18 CVE-2024-13667 Cross-site Scripting vulnerability in Undsgn Uncode
The Uncode theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mle-description’ parameter in all versions up to, and including, 2.9.1.6 due to insufficient input sanitization and output escaping.
network
low complexity
undsgn CWE-79
5.4
2025-02-18 CVE-2024-13691 Unspecified vulnerability in Undsgn Uncode
The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncode_recordMedia' function in all versions up to, and including, 2.9.1.6.
network
low complexity
undsgn
6.5
2025-02-18 CVE-2024-13783 Missing Authorization vulnerability in Ncrafts Formcraft
The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11.
network
low complexity
ncrafts CWE-862
4.3
2025-02-18 CVE-2025-0521 Cross-site Scripting vulnerability in Wpexperts Post Smtp
The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the from and subject parameters in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping.
network
low complexity
wpexperts CWE-79
6.1
2025-02-18 CVE-2025-0817 Cross-site Scripting vulnerability in Ncrafts Formcraft
The FormCraft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.9.11 due to insufficient input sanitization and output escaping.
network
low complexity
ncrafts CWE-79
6.1
2025-02-18 CVE-2025-0981 Cross-site Scripting vulnerability in Churchcrm
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to hijack a user's session by exploiting a Stored Cross Site Scripting (XSS) vulnerability in the Group Editor page.
network
low complexity
churchcrm CWE-79
6.1
2025-02-18 CVE-2024-13316 Missing Authorization vulnerability in Akashmalik Scracth & WIN
The Scratch & Win – Giveaways and Contests.
network
low complexity
akashmalik CWE-862
5.3
2025-02-18 CVE-2024-13395 Cross-site Scripting vulnerability in Kerryoco Threepress
The Threepress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'threepress' shortcode in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
kerryoco CWE-79
5.4
2025-02-18 CVE-2024-13718 Cross-Site Request Forgery (CSRF) vulnerability in Wpdesk Flexible Wishlist for Woocommerce
The Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.26.
network
low complexity
wpdesk CWE-352
4.3
2025-02-18 CVE-2024-11376 Cross-site Scripting vulnerability in Clavaque S2Member
The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 241114.
network
low complexity
clavaque CWE-79
6.1