Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-02-16 CVE-2025-1336 A vulnerability has been found in CmsEasy 7.7.7.9 and classified as problematic.
network
low complexity
CWE-22
4.3
4.3
2025-02-16 CVE-2025-1335 A vulnerability, which was classified as problematic, was found in CmsEasy 7.7.7.9.
network
low complexity
CWE-22
4.3
4.3
2025-02-16 CVE-2025-1332 A vulnerability has been found in FastCMS up to 0.1.5 and classified as problematic.
network
low complexity
CWE-94
2.4
2.4
2025-02-15 CVE-2024-13834 The Responsive Plus – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.4 via the 'remote_request' function.
network
low complexity
CWE-918
5.4
5.4
2025-02-15 CVE-2025-0822 Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID Parameter.
network
low complexity
CWE-23
6.5
6.5
2025-02-15 CVE-2024-10581 The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9.
network
low complexity
CWE-352
4.3
4.3
2025-02-15 CVE-2024-13439 The Team – Team Members Showcase Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all versions up to, and including, 4.4.9.
network
low complexity
CWE-862
4.3
4.3
2025-02-15 CVE-2024-13488 The LTL Freight Quotes – Estes Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
7.5
7.5
2025-02-15 CVE-2024-13500 The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.6.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
6.5
6.5
2025-02-15 CVE-2024-12562 The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the 's2member_pro_remote_op' vulnerable parameter.
network
low complexity
CWE-502
critical
 9.8
9.8