Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2025-02-18 | CVE-2024-13725 | Path Traversal vulnerability in Keap Official OPT in Forms | The Keap Official Opt-in Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.1 via the service parameter. | network | low | keap | CWE-22 | critical 9.8 |
| 2025-02-18 | CVE-2024-13848 | Cross-site Scripting vulnerability in Jakob42 Reaction Buttons | The Reaction Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. | network | low | jakob42 | CWE-79 | 4.8 |
| 2025-02-18 | CVE-2024-13852 | Cross-Site Request Forgery (CSRF) vulnerability in Backie Option Editor | The Option Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. | network | low | backie | CWE-352 | 8.8 |
| 2025-02-18 | CVE-2025-0796 | Cross-Site Request Forgery (CSRF) vulnerability in Kevinbrent Wprequal | The Mortgage Lead Capture System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.2.10. | network | low | kevinbrent | CWE-352 | 4.3 |
| 2025-02-18 | CVE-2025-0805 | Cross-site Scripting vulnerability in Mlcalc Mortgage Loan Calculator | The Mortgage Calculator / Loan Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mlcalc' shortcode in all versions up to, and including, 1.5.20 due to insufficient input sanitization and output escaping on user supplied attributes. | network | low | mlcalc | CWE-79 | 5.4 |
| 2025-02-18 | CVE-2024-13740 | Authorization Bypass Through User-Controlled Key vulnerability in Metagauss Profilegrid | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.4.2 via the pm_messenger_show_messages function due to missing validation on a user controlled key. | network | low | metagauss | CWE-639 | 4.3 |
| 2025-02-18 | CVE-2024-13741 | Server-Side Request Forgery (SSRF) vulnerability in Metagauss Profilegrid | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Limited Server-Side Request Forgery in all versions up to, and including, 5.9.4.2 via the pm_upload_image function. | network | low | metagauss | CWE-918 | 5.4 |
| 2025-02-17 | CVE-2024-13879 | | The Stream plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.2 due to insufficient validation on the webhook feature. | network | low | | CWE-918 | 5.5 |
| 2025-02-17 | CVE-2025-1392 | | A vulnerability has been found in D-Link DIR-816 1.01TO and classified as problematic. | network | low | | CWE-94 | 3.5 |
| 2025-02-17 | CVE-2025-26772 | Cross-site Scripting vulnerability in Detheme Dethemekit for Elementor | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Detheme DethemeKit For Elementor allows Stored XSS. | network | low | detheme | CWE-79 | 5.4 |