Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-02 | CVE-2025-21990 | NULL Pointer Dereference vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: NULL-check BO's backing store when determining GFX12 PTE flags. PRT BOs may not have any backing store, so bo->tbo.resource will be NULL. | local; low complexity; linux; CWE-476; 5.5 |
| 2025-04-02 | CVE-2024-12410 | The Front End Users plugin for WordPress is vulnerable to SQL Injection via the 'UserSearchField' parameter in all versions up to, and including, 3.2.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | network; low complexity; CWE-89; 4.9 |
| 2025-04-02 | CVE-2024-13637 | The Demo Awesome plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin function in all versions up to, and including, 1.0.3. | network; low complexity; CWE-862; 6.5 |
| 2025-04-02 | CVE-2025-2483 | The Gift Certificate Creator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘receip_address’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. | network; low complexity; CWE-79; 6.1 |
| 2025-04-02 | CVE-2025-2513 | The Smart Icons For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. | network; low complexity; CWE-79; 6.4 |
| 2025-04-02 | CVE-2025-3097 | The wp Time Machine plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.0. | network; low complexity; CWE-79; 6.1 |
| 2025-04-02 | CVE-2025-3098 | The Video Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.0.0.3 due to insufficient input sanitization and output escaping. | network; low complexity; CWE-79; 6.1 |
| 2025-04-02 | CVE-2025-3099 | The Advanced Search by My Solr Server plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. | network; low complexity; CWE-352; 6.1 |
| 2025-04-02 | CVE-2025-2779 | The Insert Headers and Footers Code – HT Script plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions up to, and including, 1.1.2. | network; low complexity; CWE-862; 6.5 |
| 2025-04-01 | CVE-2025-21898 | Divide By Zero vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: ftrace: Avoid potential division by zero in function_stat_show(). Check whether denominator expression `x * (x - 1) * 1000 mod {2^32, 2^64}` produces zero and skip stddev computation in that case. For now don't care about `rec->counter * rec->counter` overflow because `rec->time * rec->time` overflow will likely happen earlier. | local; low complexity; linux; CWE-369; 5.5 |