Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-18 | CVE-2024-11895 | Cross-site Scripting vulnerability in Vcita Online Payments - GET Paid With Paypal, Square & Stripe The Online Payments – Get Paid with PayPal, Square & Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.20.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-18 | CVE-2024-13465 | Cross-site Scripting vulnerability in Tusharimran Ablocks The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Table Of Content" Block, specifically in the "markerView" attribute, in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-02-18 | CVE-2024-13575 | Cross-site Scripting vulnerability in Magazine3 web Stories Enhancer The Web Stories Enhancer – Level Up Your Web Stories plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'web_stories_enhancer' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-18 | CVE-2024-13704 | Cross-site Scripting vulnerability in Themepoints Super Testimonials The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'st_user_title' parameter in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping. | 6.1 |
| 2025-02-18 | CVE-2024-13795 | Cross-Site Request Forgery (CSRF) vulnerability in Lightspeedhq Ecwid Ecommerce Shopping Cart The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.12.27. | 4.3 |
| 2025-02-18 | CVE-2025-0864 | Cross-site Scripting vulnerability in Pluginus Active products Tables for Woocommerce The Active Products Tables for WooCommerce. | 6.1 |
| 2025-02-18 | CVE-2024-13523 | Cross-Site Request Forgery (CSRF) vulnerability in Shenyanzhi Memorialday The MemorialDay plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. | 5.4 |
| 2025-02-18 | CVE-2024-13438 | Cross-Site Request Forgery (CSRF) vulnerability in Speedsize Image & Video Ai-Optimizer The SpeedSize Image & Video AI-Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. | 4.3 |
| 2025-02-18 | CVE-2024-12525 | The Easy MLS Listings Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'homeasap-featured-listings' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-02-18 | CVE-2024-12813 | The Open Hours – Easy Opening Hours plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'open-hours-current-status' shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |