Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | RISK |
| --- | --- | --- | --- |
| 2025-05-07 | CVE-2025-32404 | Out-of-bounds Write vulnerability in Rt-Labs P-Net: An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to corrupt the memory of IO devices that use the library by sending a malicious RPC packet. | network, low complexity, rt-labs, CWE-787, critical, 9.8 |
| 2025-05-07 | CVE-2025-32405 | Out-of-bounds Write vulnerability in Rt-Labs P-Net: An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC packet. | network, low complexity, rt-labs, CWE-787, 7.5 |
| 2025-05-07 | CVE-2025-3766 | The Login Lockdown & Protection plugin for WordPress is vulnerable to unauthorized nonce access due to a missing capability check on the ajax_run_tool function in all versions up to, and including, 2.11. | network, low complexity, CWE-862, 5.4 |
| 2025-05-07 | CVE-2025-2821 | The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_rest_permission function in all versions up to, and including, 2.4.9. | network, low complexity, CWE-862, 5.3 |
| 2025-05-07 | CVE-2025-3844 | The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to Authentication Bypass in versions 1.9.1 to 7.5.2. | network, low complexity, CWE-288, critical, 9.8 |
| 2025-05-07 | CVE-2025-3851 | The Download Manager and Payment Form WordPress Plugin – WP SmartPay plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 1.1.0 to 2.7.13 via the show() function due to missing validation on a user controlled key. | network, low complexity, CWE-200, 4.3 |
| 2025-05-07 | CVE-2025-3852 | The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.0 to 2.6.0. | network, low complexity, CWE-269, 8.8 |
| 2025-05-07 | CVE-2025-3853 | The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 2.0.0 to 2.6.0 via the callback_generate_api_key() due to missing validation on a user controlled key. | network, low complexity, CWE-639, 6.5 |
| 2025-05-07 | CVE-2025-3860 | The CarDealerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saleclass' parameter in all versions up to, and including, 6.7.2504.00 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, 6.4 |
| 2025-05-07 | CVE-2025-3921 | The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handel_ajax_req() function in versions 1.9.1 to 7.5.2. | network, low complexity, CWE-285, 8.2 |