| 2025-01-18 | CVE-2024-13517 | Cross-site Scripting vulnerability in Awesomemotive Easy Digital Downloads
The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. | 4.0 |
| 2025-01-18 | CVE-2024-13519 | The MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's settings in all versions up to, and including, 1.9.80 due to insufficient input sanitization and output escaping. network high complexity CWE-79 | 4.4 |
| 2025-01-18 | CVE-2025-0369 | The JetEngine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘list_tag’ parameter in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping. | 6.4 |
| 2025-01-18 | CVE-2025-0515 | The Buzz Club – Night Club, DJ and Music Festival Event WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmasters_hide_admin_notice' function in all versions up to, and including, 2.0.4. | 4.3 |
| 2025-01-18 | CVE-2024-13515 | The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'path' parameter in all versions up to, and including, 2.28.0 due to insufficient input sanitization and output escaping. | 6.1 |
| 2025-01-18 | CVE-2024-13516 | The Kubio AI Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping. | 6.1 |
| 2025-01-18 | CVE-2025-0318 | Unspecified vulnerability in Ultimatemember Ultimate Member
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.9.1 through different error messages in the responses. | 5.3 |
| 2025-01-18 | CVE-2025-0554 | The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Feed Name value in version <= 4.1.25 due to insufficient input sanitization and output escaping. network high complexity CWE-79 | 4.4 |
| 2025-01-18 | CVE-2024-12071 | Missing Authorization vulnerability in Evergreencontentposter Evergreen Content Poster
The Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_network_post() function in all versions up to, and including, 1.4.4. | 5.3 |
| 2025-01-18 | CVE-2018-9406 | Missing Authorization vulnerability in Google Android
In NlpService, there is a possible way to obtain location information due to a missing permission check. | 5.5 |