Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-03-26 CVE-2025-2276 The Ultimate Dashboard – Custom WordPress Dashboard plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_module_actions function in all versions up to, and including, 3.8.7.
network
low complexity
CWE-862
4.3
4.3
2025-03-26 CVE-2025-2302 The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aws_search_terms shortcode in all versions up to, and including, 3.28 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-03-25 CVE-2024-31896 IBM SPSS Statistics 26.0, 27.0.1, 28.0.1, and 29.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
high complexity
CWE-327
5.9
5.9
2025-03-25 CVE-2025-2109 The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.30.15 via the init() function.
network
low complexity
CWE-918
5.8
5.8
2025-03-25 CVE-2025-2542 The Your Simple SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-03-25 CVE-2025-2635 The Digital License Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg() function without appropriate escaping on the URL in all versions up to, and including, 1.7.3.
network
low complexity
CWE-79
6.1
6.1
2025-03-25 CVE-2025-2756 A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3.
network
low complexity
CWE-122
6.3
6.3
2025-03-25 CVE-2025-2757 A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3.
network
low complexity
CWE-122
6.3
6.3
2025-03-25 CVE-2024-13710 The Estatebud – Properties & Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.0.
network
low complexity
CWE-352
4.3
4.3
2025-03-25 CVE-2024-13731 The Alert Box Block – Display notice/alerts in the front end.
network
low complexity
CWE-79
6.4
6.4