Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-05-07 CVE-2025-3860 The CarDealerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘saleclass' parameter in all versions up to, and including, 6.7.2504.00 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-05-07 CVE-2025-3924 The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized access of data via its publicly exposed reset-password endpoint.
network
low complexity
CWE-285
5.3
5.3
2025-05-07 CVE-2025-4054 The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the highlights functionality in all versions up to, and including, 4.24.3 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-05-07 CVE-2025-4055 The Multiple Post Type Order plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mpto' shortcode in all versions up to, and including, 1.10.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-05-07 CVE-2025-4220 The Xavin's List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xls' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-05-07 CVE-2025-3218 IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver.
network
low complexity
CWE-295
5.4
5.4
2025-05-06 CVE-2025-4373 A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function.
network
high complexity
CWE-124
4.8
4.8
2025-05-06 CVE-2025-4374 A flaw was found in Quay.
network
low complexity
CWE-266
6.5
6.5
2025-05-06 CVE-2025-4352 A vulnerability, which was classified as critical, has been found in Golden Link Secondary System up to 20250424.
network
low complexity
CWE-74
6.3
6.3
2025-05-06 CVE-2025-4353 A vulnerability, which was classified as critical, was found in Golden Link Secondary System up to 20250424.
network
low complexity
CWE-74
6.3
6.3