Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-07 | CVE-2024-12532 | The BWD Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.18 in widgets/bwdeb-content-switcher.php. | 4.3 |
| 2025-01-07 | CVE-2024-12711 | The RSVP and Event Management plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX functions like bulk_delete_attendees() and bulk_delete_questions() in all versions up to, and including, 2.7.13. | 5.3 |
| 2025-01-07 | CVE-2024-52366 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Concert Software IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2025-01-07 | CVE-2024-52891 | Improper Output Neutralization for Logs vulnerability in IBM Concert Software IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow an authenticated user to inject malicious information or obtain information from log files due to improper log neutralization. | 5.4 |
| 2025-01-07 | CVE-2024-52893 | Information Exposure Through an Error Message vulnerability in IBM Concert Software IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
| 2025-01-07 | CVE-2024-49633 | Cross-site Scripting vulnerability in Designinvento Directorypress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress allows Reflected XSS.This issue affects DirectoryPress: from n/a through 3.6.19. | 6.1 |
| 2025-01-07 | CVE-2024-56285 | Cross-site Scripting vulnerability in Wpbits Addons for Elementor Page Builder Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBits WPBITS Addons For Elementor Page Builder allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through 1.5.1. | 5.4 |
| 2025-01-07 | CVE-2024-56288 | Cross-site Scripting vulnerability in Androidbubble WP Docs Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood WP Docs allows Stored XSS.This issue affects WP Docs: from n/a through 2.2.1. | 4.8 |
| 2025-01-07 | CVE-2025-22316 | Cross-site Scripting vulnerability in Wpbits Addons for Elementor Page Builder Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBits WPBITS Addons For Elementor Page Builder allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through 1.5.1. | 5.4 |
| 2025-01-07 | CVE-2024-12699 | The Service Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. | 6.4 |