Vulnerabilities > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2025-01-07	CVE-2024-56288	Cross-site Scripting vulnerability in Androidbubble WP Docs Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood WP Docs allows Stored XSS.This issue affects WP Docs: from n/a through 2.2.1. network low complexity androidbubble CWE-79	4.8
2025-01-07	CVE-2025-22316	Cross-site Scripting vulnerability in Wpbits Addons for Elementor Page Builder Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBits WPBITS Addons For Elementor Page Builder allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through 1.5.1. network low complexity wpbits CWE-79	5.4
2025-01-07	CVE-2024-12699	The Service Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. network low complexity CWE-79	6.4
2025-01-07	CVE-2024-12719	The WordPress File Upload plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wfu_ajax_action_read_subfolders' function in all versions up to, and including, 4.24.15. network low complexity CWE-862	4.3
2025-01-07	CVE-2024-10866	The Export Import Menus plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dsp_export_import_menus() function in all versions up to, and including, 1.9.1. network low complexity CWE-862	5.3
2025-01-07	CVE-2024-12077	The Booking Calendar and Booking Calendar Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘calendar_id’ parameter in all versions up to, and including, 3.2.19 and 11.2.19 respectively, due to insufficient input sanitization and output escaping. network low complexity CWE-79	6.1
2025-01-07	CVE-2024-12516	The Coupon Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Coupon Code' parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. network low complexity CWE-79	6.4
2025-01-07	CVE-2024-11282	The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.10 via the WordPress core search feature. network low complexity CWE-200	5.3
2025-01-07	CVE-2024-11764	The Solar Wizard Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'solar_wizard' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity CWE-79	6.4
2025-01-07	CVE-2024-12437	The Marketplace Items plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'envato' shortcode in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity CWE-79	6.4

Vulnerabilities > Medium {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Medium"}]}

Vulnerabilities > Medium