Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-31 | CVE-2024-13399 | The Gosign – Posts Slider Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'posts-slider-block' block in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. | 6.4 |
| 2025-01-30 | CVE-2025-0570 | Out-of-bounds Write vulnerability in Santesoft Sante Pacs Server Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. | 6.5 |
| 2025-01-30 | CVE-2025-0571 | Out-of-bounds Write vulnerability in Santesoft Sante Pacs Server Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. | 6.5 |
| 2025-01-30 | CVE-2025-0572 | Path Traversal vulnerability in Santesoft Sante Pacs Server Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. | 4.3 |
| 2025-01-30 | CVE-2025-0573 | Path Traversal vulnerability in Santesoft Sante Pacs Server Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. | 5.3 |
| 2025-01-30 | CVE-2024-10847 | Cross-site Scripting vulnerability in Sellerthemes Storely The Storely theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 16.6 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-01-30 | CVE-2024-11583 | Missing Authorization vulnerability in Visualmodo Borderless The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_zipped_font' function in all versions up to, and including, 1.5.9. | 4.3 |
| 2025-01-30 | CVE-2024-12102 | Unspecified vulnerability in Seventhqueen Typer Core The Typer Core plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.6 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
| 2025-01-30 | CVE-2024-12177 | Cross-site Scripting vulnerability in Wpmessiah AI Image ALT Text Generator for WP The Ai Image Alt Text Generator for WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. | 6.1 |
| 2025-01-30 | CVE-2024-12299 | Cross-site Scripting vulnerability in Bowo System Dashboard 2.8.7 The System Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Filename parameter in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. | 6.1 |