Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-15 | CVE-2024-13752 | The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check in the '/pm/v2/settings/notice' endpoint all versions up to, and including, 2.6.17. | network, low complexity, CWE-862, 6.5 |
| 2025-02-15 | CVE-2025-1005 | The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion widget in all versions up to, and including, 3.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. | network, low complexity, CWE-79, 6.4 |
| 2025-02-15 | CVE-2024-13525 | The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via Shortcode. | network, low complexity, CWE-200, 6.5 |
| 2025-02-15 | CVE-2024-13563 | The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's forgot-password shortcode in all versions up to, and including, 3.2.30 due to insufficient input sanitization and output escaping on user supplied attributes. | network, low complexity, CWE-79, 6.4 |
| 2025-02-15 | CVE-2025-0935 | The Media Library Folders plugin for WordPress is vulnerable to unauthorized plugin settings change due to a missing capability check on several AJAX actions in all versions up to, and including, 8.3.0. | network, low complexity, CWE-862, 4.3 |
| 2025-02-15 | CVE-2024-13513 | The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2.3 via the logging functionality. | network, low complexity, CWE-862, critical, 9.8 |
| 2025-02-14 | CVE-2024-52895 | IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. | network, low complexity, CWE-754, 6.5 |
| 2025-02-14 | CVE-2024-56477 | IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. | network, low complexity, CWE-22, 6.5 |
| 2025-02-14 | CVE-2024-12651 | Exposed Dangerous Method or Function vulnerability in PTT Inc. | network, low complexity, CWE-749, 8.5 |
| 2025-02-14 | CVE-2024-13152 | Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection. This issue affects Mobuy Online Machinery Monitoring Panel: before 2.0. | network, low complexity, CWE-566, critical, 10.0 |