Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-01-04 CVE-2024-12047 The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘custom_server’ parameter in all versions up to, and including, 6.30.03 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-01-04 CVE-2024-12545 The Scratch & Win – Giveaways and Contests.
network
low complexity
CWE-352
5.4
5.4
2025-01-04 CVE-2024-12701 The WP Smart Import : Import any XML File to WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ page’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-01-04 CVE-2025-0201 SQL Injection vulnerability in Code-Projects Point of Sales and Inventory Management System 1.0
A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical.
network
low complexity
code-projects CWE-89
6.5
6.5
2025-01-04 CVE-2025-0200 SQL Injection vulnerability in Code-Projects Point of Sales and Inventory Management System 1.0
A vulnerability has been found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical.
network
low complexity
code-projects CWE-89
6.5
6.5
2025-01-03 CVE-2024-12237 The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.15 via the rjg_get_youtube_info_justified_gallery_callback function.
network
low complexity
CWE-918
4.3
4.3
2025-01-03 CVE-2024-55896 IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames.
network
low complexity
CWE-451
5.4
5.4
2025-01-03 CVE-2024-55897 IBM PowerHA SystemMirror for i 7.4 and 7.5 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
 4.3
4.3
2025-01-03 CVE-2025-0199 SQL Injection vulnerability in Code-Projects Point of Sales and Inventory Management System 1.0
A vulnerability, which was classified as critical, was found in code-projects Point of Sales and Inventory Management System 1.0.
network
low complexity
code-projects CWE-89
6.5
6.5
2025-01-03 CVE-2025-0198 SQL Injection vulnerability in Code-Projects Point of Sales and Inventory Management System 1.0
A vulnerability, which was classified as critical, has been found in code-projects Point of Sales and Inventory Management System 1.0.
network
low complexity
code-projects CWE-89
6.5
6.5