Vulnerabilities > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2025-02-13	CVE-2024-13227	The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Rank Math API in all versions up to, and including, 1.0.235 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity CWE-79	6.4
2025-02-13	CVE-2024-13229	The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the update_metadata() function in all versions up to, and including, 1.0.235. network low complexity CWE-284	4.3
2025-02-13	CVE-2025-0837	The Puzzles theme for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity CWE-79	6.4
2025-02-13	CVE-2024-13644	The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's De Gallery widget in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity CWE-79	6.4
2025-02-12	CVE-2025-1228	A vulnerability classified as problematic has been found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. network low complexity CWE-22	4.3
2025-02-12	CVE-2025-1229	A vulnerability classified as critical was found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. network low complexity CWE-77	6.3
2025-02-12	CVE-2025-0111	Externally Controlled Reference to a Resource in Another Sphere vulnerability in Paloaltonetworks Pan-Os An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software. network low complexity paloaltonetworks CWE-610	6.5
2025-02-12	CVE-2025-1226	A vulnerability was found in ywoa up to 2024.07.03. network low complexity CWE-266	5.3
2025-02-12	CVE-2025-1225	A vulnerability, which was classified as problematic, has been found in ywoa up to 2024.07.03. network low complexity CWE-611	6.3
2025-02-12	CVE-2024-11629	Files or Directories Accessible to External Parties vulnerability in Progress Telerik Document Processing Libraries In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), using .NET Standard 2.0, the contents of a file at an arbitrary path can be exported to RTF. network low complexity progress CWE-552	6.5

Vulnerabilities > Medium {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Medium"}]}

Vulnerabilities > Medium