Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-02-12 CVE-2025-1190 Cross-site Scripting vulnerability in Anisha JOB Recruitment 1.0
A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic.
network
low complexity
anisha CWE-79
6.1
6.1
2025-02-12 CVE-2024-13374 The WP Table Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on thewptm_getFolders AJAX action in all versions up to, and including, 4.1.3.
network
low complexity
CWE-862
4.3
4.3
2025-02-12 CVE-2024-13601 Authorization Bypass Through User-Controlled Key vulnerability in Majesticsupport Majestic Support
The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.5 via the 'exportusereraserequest' function due to missing validation on a user controlled key.
network
low complexity
majesticsupport CWE-639
4.3
4.3
2025-02-12 CVE-2024-11746 The Discover the Best Woocommerce Product Brands Plugin for WordPress – Woocommerce Brands Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'product_brand' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-02-12 CVE-2024-12164 The WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsslwp_reset_settings() function in all versions up to, and including, 1.6.
network
low complexity
CWE-862
4.3
4.3
2025-02-12 CVE-2024-13658 The NGG Smart Image Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hr_SIS_nextgen_searchbox' shortcode in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-02-12 CVE-2024-13665 The Admire Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'space' shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-02-12 CVE-2024-13769 The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the 'theme_options_ajax_post_action' AJAX action in all versions up to, and including, 4.2.4.
network
low complexity
CWE-862
6.4
6.4
2025-02-12 CVE-2024-13539 The AForms Eats plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.3.1.
network
low complexity
CWE-209
5.3
5.3
2025-02-12 CVE-2024-13541 The aDirectory – WordPress Directory Listing Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the adqs_delete_listing() function in all versions up to, and including, 2.3.
network
low complexity
CWE-862
4.3
4.3