Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-01-18 CVE-2024-13516 The Kubio AI Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-01-18 CVE-2025-0318 The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.9.1 through different error messages in the responses.
network
low complexity
CWE-200
5.3
5.3
2025-01-18 CVE-2025-0554 The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Feed Name value in version <= 4.1.25 due to insufficient input sanitization and output escaping.
network
high complexity
CWE-79
4.4
4.4
2025-01-18 CVE-2024-12071 The Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_network_post() function in all versions up to, and including, 1.4.4.
network
low complexity
CWE-862
5.3
5.3
2025-01-17 CVE-2025-0541 A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical.
network
low complexity
CWE-74
6.3
6.3
2025-01-17 CVE-2025-0540 A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical.
network
low complexity
CWE-74
6.3
6.3
2025-01-17 CVE-2025-0536 A vulnerability classified as critical was found in 1000 Projects Attendance Tracking Management System 1.0.
network
low complexity
CWE-74
6.3
6.3
2025-01-17 CVE-2025-21185 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
network
low complexity
CWE-284
6.5
6.5
2025-01-17 CVE-2025-0535 A vulnerability classified as critical has been found in Codezips Gym Management System 1.0.
network
low complexity
CWE-74
6.3
6.3
2025-01-17 CVE-2025-0532 A vulnerability was found in Codezips Gym Management System 1.0.
network
low complexity
CWE-74
6.3
6.3