| 2025-01-25 | CVE-2024-35134 | IBM Analytics Content Hub 2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
| 2025-01-25 | CVE-2025-0350 | Cross-site Scripting vulnerability in Elegantthemes Carousel Maker for Divi
The Divi Carousel Maker – Image, Logo, Testimonial, Post Carousel & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Carousel and Logo Carousel in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-01-25 | CVE-2024-13449 | Missing Authorization vulnerability in Ibsofts Boom Fest
The Boom Fest plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'bf_admin_action' function in all versions up to, and including, 2.2.1. | 4.3 |
| 2025-01-25 | CVE-2024-13450 | Server-Side Request Forgery (SSRF) vulnerability in Bitapps Contact Form Builder
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.17.4 via the Webhooks integration. | 6.5 |
| 2025-01-25 | CVE-2024-11825 | The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘zone’ parameter in all versions up to, and including, 1.50.3 due to insufficient input sanitization and output escaping. | 6.4 |
| 2025-01-25 | CVE-2024-12076 | The Target Video Easy Publish plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. | 6.1 |
| 2025-01-25 | CVE-2024-12113 | The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_user_review() and delete_review() functions in all versions up to, and including, 1.3.2. | 4.3 |
| 2025-01-25 | CVE-2024-12512 | The Ask Me Anything (Anonymously) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'askmeanythingpeople' shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-01-25 | CVE-2024-12529 | The brodos.net Onlineshop Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'BrodosCategory' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-01-25 | CVE-2024-12816 | The NOTICE BOARD BY TOWKIR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'notice-board' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |