Vulnerabilities > Medium

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk score |
|---|---|---|---|---|---|---|---|---|
| 2025-01-30 | CVE-2025-0870 | | A vulnerability was found in Axiomatic Bento4 up to 1.6.0-641. | network | high | | CWE-122 | 5.6 |
| 2025-01-30 | CVE-2024-12524 | | The Clinked Client Portal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'clinked-login-button' shortcode in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping on user supplied attributes. | network | low | | CWE-79 | 6.4 |
| 2025-01-30 | CVE-2025-0860 | Cross-site Scripting vulnerability in Vruiz Vr-Frases | The VR-Frases (collect & share quotes) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. | network | low | vruiz | CWE-79 | 6.1 |
| 2025-01-30 | CVE-2024-13732 | Cross-site Scripting vulnerability in Cyberchimps Responsive Blocks | The Responsive Blocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘section_tag’ parameter in all versions up to, and including, 1.9.9 due to insufficient input sanitization and output escaping. | network | low | cyberchimps | CWE-79 | 5.4 |
| 2025-01-30 | CVE-2024-13758 | Cross-Site Request Forgery (CSRF) vulnerability in Dwbooster CP Contact Form | The CP Contact Form with PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.52. | network | low | dwbooster | CWE-352 | 6.5 |
| 2025-01-30 | CVE-2024-13470 | Cross-site Scripting vulnerability in Ninjaforms Ninja Forms | The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.8.24 due to insufficient input sanitization and output escaping on user supplied attributes. | network | low | ninjaforms | CWE-79 | 5.4 |
| 2025-01-30 | CVE-2024-13457 | Authorization Bypass Through User-Controlled Key vulnerability in Liquidweb Event Tickets | The Event Tickets and Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.18.1 via the tc-order-id parameter due to missing validation on a user controlled key. | network | low | liquidweb | CWE-639 | 5.3 |
| 2025-01-30 | CVE-2024-13642 | Cross-site Scripting vulnerability in Motopress Stratum | The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hotspot widget in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. | network | low | motopress | CWE-79 | 5.4 |
| 2025-01-30 | CVE-2024-12921 | | The EthereumICO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ethereum-ico shortcode in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. | network | low | | CWE-79 | 6.4 |
| 2025-01-30 | CVE-2025-23374 | Information Exposure Through Log Files vulnerability in Dell Enterprise Sonic Distribution | Dell Networking Switches running Enterprise SONiC OS, version(s) prior to 4.4.1 and 4.2.3, contain(s) an Insertion of Sensitive Information into Log File vulnerability. | network | low | dell | CWE-532 | 4.9 |