VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-03-26
CVE-2024-13411
The Zapier for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5.1 via the updated_user() function.
network
low complexity
CWE-918
6.4
6.4
2025-03-26
CVE-2024-13889
The WordPress Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.8.3 via deserialization of untrusted input in the 'maybe_unserialize' function.
network
low complexity
CWE-502
7.2
7.2
2025-03-26
CVE-2025-1312
The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttonTextColor’ parameter in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-03-26
CVE-2025-1769
The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.5.0 via the download_file() function.
network
low complexity
CWE-22
4.9
4.9
2025-03-26
CVE-2025-1911
The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.5.0.
network
low complexity
CWE-73
2.7
2.7
2025-03-26
CVE-2025-1912
The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the validate_file() Function.
network
low complexity
CWE-918
7.6
7.6
2025-03-26
CVE-2025-1913
The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.0 via deserialization of untrusted input from the 'form_data' parameter This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object.
network
low complexity
CWE-502
7.2
7.2
2025-03-26
CVE-2025-2110
The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on its on its AJAX functions in all versions up to, and including, 6.30.15.
network
low complexity
CWE-862
8.8
8.8
2025-03-26
CVE-2025-1310
The Jobs for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.7.11 via the 'job_postings_get_file' parameter.
network
low complexity
CWE-22
6.5
6.5
2025-03-26
CVE-2025-1437
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2024.5 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
«
Previous
1
2
(current)
3
4
5
...
16699
16700
»
Next