Date: March 11, 2025
Revision: 1.0 | Date: March 11, 2025 | Changes: Initial release
The CVE-ID tracking this issue: CVE-2024-9448
CVSSv3.1 Base Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Common Weakness Enumeration: CWE-284 Improper Access...
NA - CVE-2025-27839 - operations/attestation/AttestationTask.kt in...
operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation (genuineness check) that causes verification results to be...
Medium - CVE-2025-1261 - The HT Mega – Absolute Addons For Elementor...
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including,...
Medium - CVE-2024-12460 - The Years Since – Timeless Texts plugin for...
The Years Since – Timeless Texts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'years-since' shortcode in all versions up to, and including,...
Medium - CVE-2024-13774 - The Wishlist for WooCommerce: Multi Wishlists...
The Wishlist for WooCommerce: Multi Wishlists Per Customer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.7. This is due to missing or...
High - CVE-2024-13835 - The Post Meta Data Manager plugin for WordPress...
The Post Meta Data Manager plugin for WordPress is vulnerable to multisite privilege escalation in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying the...
High - CVE-2024-13890 - The Allow PHP Execute plugin for WordPress is...
The Allow PHP Execute plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0. This is due to allowing PHP code to be entered by all users for whom...
Medium - CVE-2024-13895 - The The Code Snippets CPT plugin for WordPress...
The The Code Snippets CPT plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.1.0. This is due to the software allowing users to execute an...
Medium - CVE-2025-1481 - The Shortcode Cleaner Lite plugin for WordPress...
The Shortcode Cleaner Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_backup() function in all versions up to, and...
Medium - CVE-2025-1504 - The Post Lockdown plugin for WordPress is...
The Post Lockdown plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.0.2 via the 'pl_autocomplete' AJAX action due to insufficient...