Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-25 | CVE-2025-2580 | The Contact Form by Bit Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.18.3 due to insufficient input sanitization and output escaping. | network, high complexity, CWE-79, 4.9 |
| 2025-04-25 | CVE-2025-3861 | The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to unauthorized access and modification of data due to a misconfigured capability check on the 'pda_lite_custom_permission_check' function in versions 2.8.6 to 2.8.8.2. | network, low complexity, CWE-863, 5.4 |
| 2025-04-25 | CVE-2025-3923 | The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'generate_unique_string' due to insufficient randomness of the generated file name. | network, low complexity, CWE-200, 5.3 |
| 2025-04-25 | CVE-2025-3752 | The Able Player, accessible HTML5 media player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘preload’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, 6.4 |
| 2025-04-25 | CVE-2025-3775 | The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.2 via the woolentor_template_proxy function. | network, low complexity, CWE-918, 6.5 |
| 2025-04-24 | CVE-2025-3749 | The Breeze Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cal_size’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, 6.4 |
| 2025-04-24 | CVE-2025-46420 | A flaw was found in libsoup. | network, low complexity, CWE-401, 6.5 |
| 2025-04-24 | CVE-2025-46421 | A flaw was found in libsoup. | network, high complexity, CWE-497, 6.8 |
| 2025-04-24 | CVE-2021-47664 | Due to improper authentication mechanism an unauthenticated remote attacker can enumerate valid usernames. | network, low complexity, CWE-203, 5.3 |
| 2025-04-24 | CVE-2024-13307 | The Reales WP - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'reales_delete_file', 'reales_delete_file_plans', 'reales_add_to_favourites', and 'reales_remove_from_favourites' functions in all versions up to, and including, 2.1.2. | network, low complexity, CWE-862, 5.3 |