Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-02-21 CVE-2025-1536 A vulnerability was found in Raisecom Multi-Service Intelligent Gateway up to 20250208.
network
low complexity
CWE-77
7.3
2025-02-21 CVE-2025-1537 A vulnerability was found in Harpia DiagSystem 12.
network
low complexity
CWE-74
6.3
2025-02-21 CVE-2025-1538 Out-of-bounds Write vulnerability in Dlink Dap-1320 Firmware 1.0
A vulnerability classified as critical was found in D-Link DAP-1320 1.00.
network
low complexity
dlink CWE-787
8.8
2025-02-21 CVE-2025-1539 Out-of-bounds Write vulnerability in Dlink Dap-1320 Firmware 1.0
A vulnerability, which was classified as critical, has been found in D-Link DAP-1320 1.00.
network
low complexity
dlink CWE-787
critical
9.8
2025-02-21 CVE-2024-10222 Cross-site Scripting vulnerability in Benbodhi SVG Support
The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.5.10 due to insufficient input sanitization and output escaping.
network
low complexity
benbodhi CWE-79
5.4
2025-02-21 CVE-2024-13455 Cross-site Scripting vulnerability in Igumbi
The igumbi Online Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'igumbi_calendar' shortcode in all versions up to, and including, 1.40 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
igumbi CWE-79
5.4
2025-02-21 CVE-2024-13713 SQL Injection vulnerability in Wpexperts Givewp Square
The WPExperts Square For GiveWP plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
wpexperts CWE-89
6.5
2025-02-21 CVE-2024-13846 SQL Injection vulnerability in Wpindeed Ultimate Learning PRO
The Indeed Ultimate Learning Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ‘post_id’ parameter in all versions up to, and including, 3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
wpindeed CWE-89
4.9
2025-02-21 CVE-2024-13900 Code Injection vulnerability in Satollo Head, Footer, and Post Injections
The Head, Footer and Post Injections plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.3.0.
network
low complexity
satollo CWE-94
7.2
2025-02-21 CVE-2025-1402 Missing Authorization vulnerability in Theeventscalendar Event Tickets
The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ajax_ticket_delete' function in all versions up to, and including, 5.19.1.1.
network
low complexity
theeventscalendar CWE-862
5.3