Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-02-04 CVE-2024-13529 The SocialV - Social Network and Community BuddyPress Theme theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'socialv_send_download_file' function in all versions up to, and including, 2.0.15.
network
low complexity
CWE-862
6.5
6.5
2025-02-04 CVE-2024-13733 The SKT Blocks – Gutenberg based Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's skt-blocks/post-carousel block in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-02-04 CVE-2024-13403 The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fieldHTML’ parameter in all versions up to, and including, 1.9.3.1 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-02-04 CVE-2024-12046 The Medical Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.2 via the 'namedical_elementor_template' shortcode due to missing validation on a user controlled key.
network
low complexity
CWE-639
4.3
4.3
2025-02-04 CVE-2024-13514 The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.5 via the 'bsb-slider' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-284
4.3
4.3
2025-02-04 CVE-2025-20883 Unspecified vulnerability in Samsung Android 12.0/13.0/14.0
Improper access control in SoundPicker prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles.
low complexity
samsung
4.6
4.6
2025-02-04 CVE-2025-20884 Unspecified vulnerability in Samsung Android 12.0/13.0/14.0
Improper access control in Samsung Message prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles.
low complexity
samsung
4.6
4.6
2025-02-04 CVE-2025-20885 Out-of-bounds Write vulnerability in Samsung Android 12.0/13.0/14.0
Out-of-bounds write in softsim TA prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption.
local
low complexity
samsung CWE-787
6.7
6.7
2025-02-04 CVE-2025-20886 Insecure Storage of Sensitive Information vulnerability in Samsung Android 12.0/13.0/14.0
Inclusion of sensitive information in test code in softsim TA prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key.
local
low complexity
samsung CWE-922
4.4
4.4
2025-02-04 CVE-2025-20887 Out-of-bounds Read vulnerability in Samsung Android 12.0/13.0/14.0
Out-of-bounds read in accessing table used for svp8t in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory.
local
low complexity
samsung CWE-125
5.5
5.5