Vulnerabilities > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2025-01-07	CVE-2024-12022	The WP Menu Image plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wmi_delete_img_menu' function in all versions up to, and including, 2.2. network low complexity CWE-862	5.3
2025-01-07	CVE-2024-12098	The ARS Affiliate Page Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'utm_keyword' parameter in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. network low complexity CWE-79	6.1
2025-01-07	CVE-2024-12419	The The Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.0. network low complexity CWE-94	6.5
2025-01-07	CVE-2024-12528	The WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsurveypoll_results' shortcode in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity CWE-79	6.4
2025-01-07	CVE-2024-12538	The Duplicate Post, Page and Any Custom Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.3 via the 'dpp_duplicate_as_draft' function. network low complexity CWE-200	4.3
2025-01-07	CVE-2024-12540	The LDD Directory Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3. network low complexity CWE-79	6.1
2025-01-07	CVE-2024-12541	The Chative Live chat and Chatbot plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. network low complexity CWE-352	5.4
2025-01-07	CVE-2024-12557	The Transporters.io plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.84. network low complexity CWE-352	6.1
2025-01-07	CVE-2024-12559	The ClickDesigns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clickdesigns_add_api' and the 'clickdesigns_remove_api' functions in all versions up to, and including, 1.8.0. network low complexity CWE-862	5.3
2025-01-07	CVE-2024-12590	The WP Youtube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. network low complexity CWE-79	6.4

Vulnerabilities > Medium {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Medium"}]}

Vulnerabilities > Medium