Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-12 | CVE-2024-13539 | Information Exposure Through an Error Message vulnerability in Vividcolorsjp Aforms Eats The AForms Eats plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.3.1. | 5.3 |
| 2025-02-12 | CVE-2024-13541 | Missing Authorization vulnerability in Adirectory The aDirectory – WordPress Directory Listing Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the adqs_delete_listing() function in all versions up to, and including, 2.3. | 5.4 |
| 2025-02-12 | CVE-2024-13554 | Missing Authorization vulnerability in Wpextended WP Extended The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reorder_route() function in all versions up to, and including, 3.0.13. | 5.3 |
| 2025-02-12 | CVE-2024-13701 | Cross-site Scripting vulnerability in Stklcode Liveticker The Liveticker (by stklcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'liveticker' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-12 | CVE-2024-13749 | Cross-site Scripting vulnerability in Era404 Stafflist The StaffList plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. | 6.1 |
| 2025-02-12 | CVE-2025-0808 | Cross-Site Request Forgery (CSRF) vulnerability in Wp-Property-Hive Houzez Property Feed The Houzez Property Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.21. | 5.4 |
| 2025-02-11 | CVE-2024-12547 | Out-of-bounds Write vulnerability in Tungstenautomation Power PDF Tungsten Automation Power PDF JPF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. | 8.8 |
| 2025-02-11 | CVE-2024-12548 | Use After Free vulnerability in Tungstenautomation Power PDF Tungsten Automation Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability. | 3.3 |
| 2025-02-11 | CVE-2024-12549 | Out-of-bounds Read vulnerability in Tungstenautomation Power PDF Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. | 7.8 |
| 2025-02-11 | CVE-2024-12550 | Out-of-bounds Read vulnerability in Tungstenautomation Power PDF Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. | 7.8 |