Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2025-02-14 CVE-2024-13791 Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the downloadResponseFile() function.
Risk: network, low complexity, CWE-23, 4.9

2025-02-14 CVE-2025-0821 Bit Assist plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
Risk: network, low complexity, CWE-89, 6.5

2025-02-14 CVE-2024-13735 The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.11.2 due to insufficient input sanitization and output escaping of a campaign name.
Risk: network, low complexity, CWE-79, 6.4

2025-02-14 CVE-2024-9601 The Qubely – Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' and 'UniqueID' parameter in all versions up to, and including, 1.8.12 due to insufficient input sanitization and output escaping.
Risk: network, low complexity, CWE-79, 6.5

2025-02-14 CVE-2024-13641 The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the 'attachment' directory.
Risk: network, high complexity, CWE-200, 5.9

2025-02-14 CVE-2024-13692 The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.4.5 via several functions due to missing validation on a user controlled key.
Risk: network, low complexity, CWE-285, 5.4

2025-02-14 CVE-2024-55904 IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.
Risk: network, low complexity, CWE-78, 7.2

2025-02-13 CVE-2025-22480 Link Following vulnerability in Dell SupportAssist 3.2.0.90
Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability.
Risk: local, low complexity, dell, CWE-59, 7.8

2025-02-13 CVE-2025-25352 SQL Injection vulnerability in PHPGurukul Land Record System 1.0
A SQL Injection vulnerability was found in /admin/aboutus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the pagetitle POST request parameter.
Risk: network, low complexity, phpgurukul, CWE-89, 7.2

2025-02-13 CVE-2025-25354 SQL Injection vulnerability in PHPGurukul Land Record System 1.0
A SQL Injection was found in /admin/admin-profile.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactnumber POST request parameter.
Risk: network, low complexity, phpgurukul, CWE-89, 7.2