Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-18 | CVE-2024-13622 | Unspecified vulnerability in Imaginate-Solutions File Uploads Addon for Woocommerce The File Uploads Addon for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the 'uploads' directory. | 7.5 |
| 2025-02-18 | CVE-2024-13677 | Missing Authorization vulnerability in Istmoplugins GET Bookings WP The GetBookingsWP – Appointments Booking Calendar Plugin For WordPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.27. | 8.8 |
| 2025-02-18 | CVE-2024-13684 | Cross-Site Request Forgery (CSRF) vulnerability in Smartzminds Reset The Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. | 8.1 |
| 2025-02-18 | CVE-2024-13687 | Missing Authorization vulnerability in Webdevocean Team Builder The Team Builder – Meet the Team plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_team_builder_options() function in all versions up to, and including, 1.3. | 4.3 |
| 2025-02-18 | CVE-2024-13725 | Path Traversal vulnerability in Keap Official OPT in Forms The Keap Official Opt-in Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.1 via the service parameter. | 9.8 |
| 2025-02-18 | CVE-2024-13848 | Cross-site Scripting vulnerability in Jakob42 Reaction Buttons The Reaction Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. | 4.8 |
| 2025-02-18 | CVE-2024-13852 | Cross-Site Request Forgery (CSRF) vulnerability in Backie Option Editor The Option Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. | 8.8 |
| 2025-02-18 | CVE-2025-0796 | Cross-Site Request Forgery (CSRF) vulnerability in Kevinbrent Wprequal The Mortgage Lead Capture System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.2.10. | 4.3 |
| 2025-02-18 | CVE-2025-0805 | Cross-site Scripting vulnerability in Mlcalc Mortgage Loan Calculator The Mortgage Calculator / Loan Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mlcalc' shortcode in all versions up to, and including, 1.5.20 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-18 | CVE-2024-13740 | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.4.2 via the pm_messenger_show_messages function due to missing validation on a user controlled key. | 4.3 |