Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-04 | CVE-2025-22226 | Unspecified vulnerability in VMWare products VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process. | 6.0 |
| 2025-03-04 | CVE-2025-0370 | Cross-site Scripting vulnerability in Vanokhin Shortcodes Ultimate The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘src’ parameter in all versions up to, and including, 7.3.3 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-03-04 | CVE-2025-0958 | Improper Input Validation vulnerability in Auctionplugin Ultimate Auction The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 4.2.9. | 6.3 |
| 2025-03-04 | CVE-2024-13682 | Cross-Site Request Forgery (CSRF) vulnerability in Wpswings Wallet System for Woocommerce The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. | 4.3 |
| 2025-03-04 | CVE-2024-13724 | Improper Authorization vulnerability in Wpswings Wallet System for Woocommerce The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 2.6.2. | 4.3 |
| 2025-03-04 | CVE-2024-9618 | Cross-site Scripting vulnerability in Master-Addons Master Addons The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.0.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-03-04 | CVE-2025-0433 | Cross-site Scripting vulnerability in Master-Addons Master Addons The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 2.0.7.1 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-03-04 | CVE-2025-0512 | Cross-site Scripting vulnerability in Wpsc-Plugin Structured Content The Structured Content (JSON-LD) #wpsc plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sc_fs_local_business shortcode in all versions up to, and including, 6.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-03-04 | CVE-2024-48248 | Unspecified vulnerability in Nakivo Backup & Replication Director 9.4.0.R43656 NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials). | 8.6 |
| 2025-03-04 | CVE-2024-58043 | Unspecified vulnerability in Huawei Emui and Harmonyos Permission bypass vulnerability in the window module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 5.5 |