Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-21 | CVE-2025-1536 | A vulnerability was found in Raisecom Multi-Service Intelligent Gateway up to 20250208. | 7.3 |
| 2025-02-21 | CVE-2025-1537 | A vulnerability was found in Harpia DiagSystem 12. | 6.3 |
| 2025-02-21 | CVE-2025-1538 | Out-of-bounds Write vulnerability in Dlink Dap-1320 Firmware 1.0 A vulnerability classified as critical was found in D-Link DAP-1320 1.00. | 8.8 |
| 2025-02-21 | CVE-2025-1539 | Out-of-bounds Write vulnerability in Dlink Dap-1320 Firmware 1.0 A vulnerability, which was classified as critical, has been found in D-Link DAP-1320 1.00. | 9.8 |
| 2025-02-21 | CVE-2024-10222 | Cross-site Scripting vulnerability in Benbodhi SVG Support The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.5.10 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-02-21 | CVE-2024-13455 | Cross-site Scripting vulnerability in Igumbi The igumbi Online Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'igumbi_calendar' shortcode in all versions up to, and including, 1.40 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-21 | CVE-2024-13713 | SQL Injection vulnerability in Wpexperts Givewp Square The WPExperts Square For GiveWP plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
| 2025-02-21 | CVE-2024-13846 | SQL Injection vulnerability in Wpindeed Ultimate Learning PRO The Indeed Ultimate Learning Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ‘post_id’ parameter in all versions up to, and including, 3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 4.9 |
| 2025-02-21 | CVE-2024-13900 | Code Injection vulnerability in Satollo Head, Footer, and Post Injections The Head, Footer and Post Injections plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.3.0. | 7.2 |
| 2025-02-21 | CVE-2025-1402 | Missing Authorization vulnerability in Theeventscalendar Event Tickets The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ajax_ticket_delete' function in all versions up to, and including, 5.19.1.1. | 5.3 |