Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-22 | CVE-2025-1361 | Improper Authorization vulnerability in Ip2Location Country Blocker The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information Exposure in all versions up to, and including, 2.38.8 due to missing capability checks on the admin_init() function. | 5.3 |
| 2025-02-22 | CVE-2024-12038 | Cross-site Scripting vulnerability in Themekraft Buddyforms The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buddyforms_nav' shortcode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-22 | CVE-2024-12467 | Cross-site Scripting vulnerability in Grafreak Payment BY Redsys The Pago por Redsys plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'Ds_MerchantParameters' parameter in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. | 6.1 |
| 2025-02-22 | CVE-2024-13474 | The LTL Freight Quotes – Purolator Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 2.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2025-02-22 | CVE-2024-13798 | Improper Input Validation vulnerability in Pickplugins Comboblocks The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5. | 5.3 |
| 2025-02-22 | CVE-2024-13873 | Authorization Bypass Through User-Controlled Key vulnerability in Wpjobportal WP JOB Portal The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.8 via the deleteUserPhoto() function due to missing validation on a user controlled key. | 4.3 |
| 2025-02-22 | CVE-2024-13899 | Deserialization of Untrusted Data vulnerability in Misterpah Mambo Joomla Importer 1.0 The Mambo Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input via the $data parameter in the fImportMenu function. | 7.2 |
| 2025-02-22 | CVE-2025-1509 | Code Injection vulnerability in Wpguru Show ME the Cookies 1.0 The The Show Me The Cookies plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0. | 9.8 |
| 2025-02-22 | CVE-2025-1510 | Code Injection vulnerability in Keesiemeijer Custom Post Type Date Archives The The Custom Post Type Date Archives plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.7.1. | 9.8 |
| 2025-02-22 | CVE-2024-22341 | IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management. | 5.3 |