| 2025-02-18 | CVE-2024-13848 | Cross-site Scripting vulnerability in Jakob42 Reaction Buttons
The Reaction Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. | 4.8 |
| 2025-02-18 | CVE-2024-13852 | Cross-Site Request Forgery (CSRF) vulnerability in Backie Option Editor
The Option Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. | 8.8 |
| 2025-02-18 | CVE-2025-0796 | Cross-Site Request Forgery (CSRF) vulnerability in Kevinbrent Wprequal
The Mortgage Lead Capture System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.2.10. | 4.3 |
| 2025-02-18 | CVE-2025-0805 | Cross-site Scripting vulnerability in Mlcalc Mortgage Loan Calculator
The Mortgage Calculator / Loan Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mlcalc' shortcode in all versions up to, and including, 1.5.20 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-18 | CVE-2024-13740 | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.4.2 via the pm_messenger_show_messages function due to missing validation on a user controlled key. | 4.3 |
| 2025-02-18 | CVE-2024-13741 | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Limited Server-Side Request Forgery in all versions up to, and including, 5.9.4.2 via the pm_upload_image function. | 5.4 |
| 2025-02-17 | CVE-2024-13879 | The Stream plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.2 due to insufficient validation on the webhook feature. | 5.5 |
| 2025-02-17 | CVE-2025-1392 | A vulnerability has been found in D-Link DIR-816 1.01TO and classified as problematic. | 3.5 |
| 2025-02-17 | CVE-2025-1391 | A flaw was found in the Keycloak organization feature, which allows the incorrect assignment of an organization to a user if their username or email matches the organization’s domain pattern. | 5.4 |
| 2025-02-17 | CVE-2025-1378 | A vulnerability, which was classified as problematic, was found in radare2 5.9.9 33286. | 3.3 |