CVE-2024-12561 |
Description: The Affiliate Sales in Google Analytics and other tools plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.4.9. This is due to insufficient validation on the redirect URL supplied via the 'afflink' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
CVSS: MEDIUM (6.1) EPSS Score: 0.03%
May 21st, 2025 (18 days ago)
|
CVE-2024-5878 |
Description: Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled SimpleLightbox JavaScript library (version 2.1.5) in various versions due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
May 20th, 2025 (19 days ago)
|
CVE-2025-46441 |
Description: Path Traversal: '.../...//' vulnerability in ctltwp Section Widget allows Path Traversal. This issue affects Section Widget: from n/a through 3.3.1.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
May 19th, 2025 (19 days ago)
|
CVE-2025-43838 |
Description: Missing Authorization vulnerability in ChoPlugins Custom PC Builder Lite for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Custom PC Builder Lite for WooCommerce: from n/a through 1.0.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.05% SSVC Exploitation: none
May 19th, 2025 (19 days ago)
|
CVE-2025-46543 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Charly Leetham Enhanced Paypal Shortcodes allows Stored XSS. This issue affects Enhanced Paypal Shortcodes: from n/a through 0.5a.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
May 19th, 2025 (19 days ago)
|
CVE-2025-46263 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lloyd Saunders Author Box After Posts allows Stored XSS. This issue affects Author Box After Posts: from n/a through 1.6.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
May 19th, 2025 (19 days ago)
|
CVE-2025-46262 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zack Katz Mad Mimi for WordPress allows Stored XSS. This issue affects Mad Mimi for WordPress: from n/a through 1.5.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
May 19th, 2025 (19 days ago)
|
CVE-2025-43841 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jamesdbruner WP Vegas allows Stored XSS. This issue affects WP Vegas: from n/a through 2.2.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
May 19th, 2025 (19 days ago)
|
CVE-2025-43835 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in ktsvetkov allows Cross Site Request Forgery. This issue affects wp-cyr-cho: from n/a through 0.1.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
May 19th, 2025 (19 days ago)
|
CVE-2025-43834 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tox82 cookieBAR allows Stored XSS. This issue affects cookieBAR: from n/a through 1.7.0.
CVSS: MEDIUM (5.9) EPSS Score: 0.03%
May 19th, 2025 (19 days ago)
|