Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-02-18 | CVE-2024-13681 | Unspecified vulnerability in Undsgn Uncode: The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncode_admin_get_oembed' function in all versions up to, and including, 2.9.1.6. | 7.5 |
2025-02-18 | CVE-2024-13691 | Unspecified vulnerability in Undsgn Uncode: The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncode_recordMedia' function in all versions up to, and including, 2.9.1.6. | 6.5 |
2025-02-18 | CVE-2024-13783 | Missing Authorization vulnerability in Ncrafts Formcraft: The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. | 4.3 |
2025-02-18 | CVE-2024-13797 | Code Injection vulnerability in Presslayouts Pressmart: The PressMart - Modern Elementor WooCommerce WordPress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.16. | 9.8 |
2025-02-18 | CVE-2025-0521 | Cross-site Scripting vulnerability in Wpexperts Post Smtp: The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the from and subject parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. | 6.1 |
2025-02-18 | CVE-2025-0817 | Cross-site Scripting vulnerability in Ncrafts Formcraft: The FormCraft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.9.11 due to insufficient input sanitization and output escaping. | 6.1 |
2025-02-18 | CVE-2024-13369 | SQL Injection vulnerability in Goodlayers Tour Master: The Tour Master - Tour Booking, Travel, Hotel plugin for WordPress is vulnerable to time-based SQL Injection via the ‘review_id’ parameter in all versions up to, and including, 5.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
2025-02-18 | CVE-2025-0981 | Cross-site Scripting vulnerability in Churchcrm: A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to hijack a user's session by exploiting a Stored Cross Site Scripting (XSS) vulnerability in the Group Editor page. | 6.1 |
2025-02-18 | CVE-2025-1023 | SQL Injection vulnerability in Churchcrm: A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a time-based blind SQL Injection vulnerability in the EditEventTypes functionality. | 9.8 |
2025-02-18 | CVE-2024-12860 | Unspecified vulnerability in Carspot Project Carspot: The CarSpot – Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. | 9.8 |