Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-31 | CVE-2025-5292 | The Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'marker_content' parameter in all versions up to, and including, 5.11.2 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, 6.4 |
| 2025-05-31 | CVE-2025-5016 | The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Excerpt Highlights in all versions up to, and including, 4.24.5 (Free) and 2.27.6 (Premium) due to insufficient input sanitization and output escaping. | network, high complexity, CWE-79, 4.7 |
| 2025-05-31 | CVE-2025-5368 | A vulnerability was found in PHPGurukul Daily Expense Tracker System 1.1. | network, low complexity, CWE-74, 6.3 |
| 2025-05-30 | CVE-2025-1479 | An open debug interface was reported in the Legion Space software included on certain Legion devices that could allow a local attacker to execute arbitrary code. | local, low complexity, 5.3 |
| 2025-05-30 | CVE-2025-4598 | A vulnerability was found in systemd-coredump. | local, high complexity, CWE-364, 4.7 |
| 2025-05-30 | CVE-2025-4597 | The Woo Slider Pro – Drag Drop Slider Builder For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woo_slide_pro_delete_draft_preview AJAX action in all versions up to, and including, 1.12. | network, low complexity, CWE-862, 6.5 |
| 2025-05-30 | CVE-2025-4944 | The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Compare and Google Maps widgets in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. | network, low complexity, CWE-79, 6.4 |
| 2025-05-30 | CVE-2025-5142 | The Simple Page Access Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.31. | network, low complexity, CWE-352, 6.5 |
| 2025-05-30 | CVE-2025-5235 | The OpenSheetMusicDisplay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, 6.4 |
| 2025-05-30 | CVE-2025-4431 | The Featured Image Plus – Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fip_save_attach_featured function in all versions up to, and including, 1.6.3. | network, low complexity, CWE-284, 4.3 |