Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-12-12 CVE-2024-12160 The Seraphinite Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.6.
network
low complexity
CWE-79
6.1
2024-12-12 CVE-2024-12333 The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3.
network
low complexity
CWE-94
6.5
2024-12-12 CVE-2024-12401 A flaw was found in the cert-manager package.
network
high complexity
CWE-20
4.4
2024-12-12 CVE-2024-10583 The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘post_title’ parameter in all versions up to, and including, 1.20.2 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
5.4
2024-12-12 CVE-2024-10784 The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Tile Gallery' widget in all versions up to, and including, 1.5.126 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
2024-12-12 CVE-2024-11181 The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 9.9.9.3 via the 'wp_reusable_render' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
2024-12-12 CVE-2024-11724 The Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpl_script_save AJAX action in all versions up to, and including, 3.6.5.
network
low complexity
CWE-862
4.3
2024-12-12 CVE-2024-11727 The NotificationX – Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content settings for notifications in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping.
network
high complexity
CWE-79
4.4
2024-12-12 CVE-2024-12201 The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check when creating form styles in all versions up to, and including, 1.2.1.
network
low complexity
CWE-862
4.3
2024-12-12 CVE-2024-12329 The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in all versions up to, and including, 5.1.6.
network
low complexity
CWE-200
4.3