Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-02-04 CVE-2024-45657 IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.
local
high complexity
CWE-732
5.0
2025-02-04 CVE-2025-24373 Unspecified vulnerability in Wpovernight Woocommerce PDF Invoices & Packing Slips
woocommerce-pdf-invoices-packing-slips is an extension which allows users to create, print & automatically email PDF invoices & packing slips for WooCommerce orders.
network
low complexity
wpovernight
6.5
2025-02-04 CVE-2025-24598 Cross-site Scripting vulnerability in Wpmailster WP Mailster
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS.
network
low complexity
wpmailster CWE-79
6.1
2025-02-04 CVE-2025-0510 Unspecified vulnerability in Mozilla Thunderbird
Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040.
network
low complexity
mozilla
6.5
2025-02-04 CVE-2025-1015 Unspecified vulnerability in Mozilla Thunderbird
The Thunderbird Address Book URI fields contained unsanitized links.
network
low complexity
mozilla
5.4
2025-02-04 CVE-2025-1018 Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox
The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user.
network
low complexity
mozilla CWE-1021
5.3
2025-02-04 CVE-2025-1019 Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox
The z-order of the browser windows could be manipulated to hide the fullscreen notification.
network
low complexity
mozilla CWE-1021
4.3
2025-02-04 CVE-2024-13699 Cross-site Scripting vulnerability in Qodeinteractive QI Addons for Elementor
The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cursor’ parameter in all versions up to, and including, 1.8.7 due to insufficient input sanitization and output escaping.
network
low complexity
qodeinteractive CWE-79
5.4
2025-02-04 CVE-2024-13356 The DSGVO All in one for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.
network
low complexity
CWE-352
6.5
2025-02-04 CVE-2024-13510 The ShopSite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.10.
network
low complexity
CWE-352
6.1