Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-02-12 CVE-2024-13554 The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reorder_route() function in all versions up to, and including, 3.0.13.
network
low complexity
CWE-862
5.3
5.3
2025-02-12 CVE-2024-13701 The Liveticker (by stklcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'liveticker' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-02-12 CVE-2024-13749 The StaffList plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3.
network
low complexity
CWE-79
6.1
6.1
2025-02-12 CVE-2025-0808 The Houzez Property Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.21.
network
low complexity
CWE-352
4.3
4.3
2025-02-11 CVE-2024-12833 Cross-site Scripting vulnerability in Paessler Prtg Network Monitor
Paessler PRTG Network Monitor SNMP Cross-Site Scripting Authentication Bypass Vulnerability.
network
low complexity
paessler CWE-79
6.1
6.1
2025-02-11 CVE-2025-21155 Substance3D - Stager versions 3.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service.
local
low complexity
CWE-476
5.5
5.5
2025-02-11 CVE-2025-21162 Photoshop Elements versions 2025.0 and earlier are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user.
local
low complexity
CWE-379
5.5
5.5
2025-02-11 CVE-2025-21179 DHCP Client Service Denial of Service Vulnerability
high complexity
CWE-125
4.8
4.8
2025-02-11 CVE-2025-21188 Azure Network Watcher VM Extension Elevation of Privilege Vulnerability
local
low complexity
CWE-59
6.0
6.0
2025-02-11 CVE-2025-21212 Internet Connection Sharing (ICS) Denial of Service Vulnerability
low complexity
CWE-125
6.5
6.5