| 2025-02-01 | CVE-2025-0939 | Missing Authorization vulnerability in Dcooperman Magicform
The MagicForm plugin for WordPress is vulnerable to access and modification of data due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 1.6.2. | 6.3 |
| 2025-02-01 | CVE-2024-12041 | The Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.0.12 via the /wp-json/directorist/v1/users/ endpoint. | 5.3 |
| 2025-02-01 | CVE-2025-0365 | Path Traversal vulnerability in Artbees Jupiter X Core
The Jupiter X Core plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.8.7 via the inline SVG feature. | 6.5 |
| 2025-02-01 | CVE-2024-11780 | The Site Search 360 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ss360-resultblock' shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-01 | CVE-2024-12184 | Missing Authorization vulnerability in Cimatti Wordpress Contact Forms
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the accua_forms_download_submitted_file() function in all versions up to, and including, 1.9.4. | 5.3 |
| 2025-02-01 | CVE-2024-12620 | The AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'agl_json' AJAX action in all versions up to, and including, 1.4.23. | 5.3 |
| 2025-02-01 | CVE-2024-13547 | The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-02-01 | CVE-2024-13651 | Missing Authorization vulnerability in Rapidload Power-Up for Autoptimize
The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_deactivate() function in all versions up to, and including, 2.4.4. | 4.3 |
| 2025-02-01 | CVE-2024-53296 | Out-of-bounds Write vulnerability in Dell Data Domain Operating System
Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. | 4.9 |
| 2025-01-31 | CVE-2024-49339 | IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.1 is vulnerable to stored cross-site scripting. | 6.4 |