CVE-2025-0864 – WooCommerce Active Products Tables Reflected Cross-Site Scripting

CVE ID: CVE-2025-0864
Published: Feb. 18, 2025, 8:15 a.m.
Description: The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘shortcodes_set’ parameter in all versions up to, and including, 1.0.6.6 due to insufficient input sanitization and output […]

CVE-2025-0425 – Bestinformed Infoclient Server Address Manipulation Privilege Escalation

The following table lists the changes that have been made to the CVE-2025-0425 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics. New CVE Received by [email protected] Feb. 18, 2025 Action […]

CVE-2025-0424 – Bestinformed Web Authenticated Stored Cross-Site Scripting

The following table lists the changes that have been made to the CVE-2025-0424 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics. New CVE Received by [email protected] Feb. 18, 2025 Action […]

CVE-2025-0423 – “Bestinformed Web Unauthenticated Stored Cross-Site Scripting Vulnerability”

The following table lists the changes that have been made to the CVE-2025-0423 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics. New CVE Received by [email protected] Feb. 18, 2025 Action […]

CVE-2025-0422 – Bestinformed Web Remote Code Execution Vulnerability

An authenticated user in the “bestinformed Web” application can execute commands on the underlying server running the application. (Remote Code Execution) For this, the user must be able to create “ScriptVars” with the type “script” and preview them by, for example, creating a new “Info”. By default, admin users have those permissions, but with the […]

CVE-2024-13795 – Ecwid by Lightspeed Ecommerce Shopping Cart CSRF Vulnerability

CVE ID: CVE-2024-13795
Published: Feb. 18, 2025, 8:15 a.m.
Description: The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.12.27. This is due to missing or incorrect nonce validation on the ecwid_deactivate_feedback() function. This makes […]

CVE-2024-13704 – WordPress Super Testimonials Stored Cross-Site Scripting

CVE ID: CVE-2024-13704
Published: Feb. 18, 2025, 8:15 a.m.
Description: The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘st_user_title’ parameter in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers […]

CVE-2024-13575 – WordPress Web Stories Enhancer Stored Cross-Site Scripting

CVE ID: CVE-2024-13575
Published: Feb. 18, 2025, 8:15 a.m.
Description: The Web Stories Enhancer – Level Up Your Web Stories plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘web_stories_enhancer’ shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output […]

CVE-2024-13465 – aBlocks – WordPress Gutenberg Blocks Stored Cross-Site Scripting

CVE ID: CVE-2024-13465
Published: Feb. 18, 2025, 8:15 a.m.
Description: The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the “Table Of Content” Block, specifically in the “markerView” attribute, in all versions up to, and including, 1.6.1 due to insufficient input sanitization […]