Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-04-18 CVE-2024-13650 The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'PAFE Before After Image Comparison Slider' widget in all versions up to, and including, 2.4.34 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-04-18 CVE-2025-2613 The Login Manager – Design Login Page, View Login Activity, Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom logo and background URLs in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping.
network
high complexity
CWE-79
4.4
4.4
2025-04-17 CVE-2025-3764 A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0.
network
low complexity
CWE-434
6.3
6.3
2025-04-17 CVE-2025-3765 A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0.
network
low complexity
CWE-434
6.3
6.3
2025-04-17 CVE-2025-26268 Unspecified vulnerability in Dragonflydb Dragonfly
DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command.
network
low complexity
dragonflydb
6.5
6.5
2025-04-17 CVE-2025-43014 Missing Critical Step in Authentication vulnerability in Jetbrains Toolbox
In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation
network
low complexity
jetbrains CWE-304
6.5
6.5
2025-04-17 CVE-2025-43015 Insecure Default Initialization of Resource vulnerability in Jetbrains Rubymine
In JetBrains RubyMine before 2025.1 remote Interpreter overwrote ports to listen on all interfaces
network
low complexity
jetbrains CWE-1188
6.5
6.5
2025-04-17 CVE-2025-42921 Improper Validation of Certificate with Host Mismatch vulnerability in Jetbrains Toolbox
In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin
network
low complexity
jetbrains CWE-297
6.5
6.5
2025-04-17 CVE-2025-3453 The Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products – Restrict Content, Protect WooCommerce Category and more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.7 via the 'password_protected_cookie' function.
network
low complexity
CWE-863
5.3
5.3
2025-04-17 CVE-2025-3479 The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 1.42.0 via the 'handle_stripe_single' function due to insufficient validation on a user controlled key.
network
low complexity
CWE-354
5.3
5.3