Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-17 | CVE-2024-13367 | The Sandbox plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the export_download action in all versions up to, and including, 0.4. | network, low complexity, CWE-862, 6.5 |
| 2025-01-17 | CVE-2024-13386 | The quote-posttype-plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Author field in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, 6.4 |
| 2025-01-17 | CVE-2024-10799 | The Eventer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.9.7 via the eventer_woo_download_tickets() function. | network, low complexity, CWE-22, 6.5 |
| 2025-01-17 | CVE-2024-13398 | The Checkout for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'checkout_for_paypal' shortcode in all versions up to, and including, 1.0.32 due to insufficient input sanitization and output escaping on user supplied attributes. | network, low complexity, CWE-79, 6.4 |
| 2025-01-17 | CVE-2024-13401 | The Payment Button for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_paypal_checkout' shortcode in all versions up to, and including, 1.2.3.35 due to insufficient input sanitization and output escaping on user supplied attributes. | network, low complexity, CWE-79, 6.4 |
| 2025-01-17 | CVE-2024-13434 | The WP Inventory Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, 6.1 |
| 2025-01-17 | CVE-2024-51462 | IBM QRadar WinCollect Agent 10.0.0 through 10.1.12 could allow a remote attacker to inject XML data into parameter values due to improper input validation of assumed immutable data. | local, low complexity, CWE-471, 4.0 |
| 2025-01-17 | CVE-2024-52363 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. | network, low complexity, CWE-22, 6.5 |
| 2025-01-16 | CVE-2024-12427 | The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fw_upload_file AJAX action in all versions up to, and including, 1.7.23. | network, low complexity, CWE-862, 5.3 |
| 2025-01-16 | CVE-2024-12614 | Missing Authorization vulnerability in Hirewebxperts Passwords Manager. The Passwords Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pms_save_setting' and 'post_new_pass' AJAX actions in all versions up to, and including, 1.4.8. | network, low complexity, hirewebxperts CWE-862, 4.3 |