Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-02-18 CVE-2024-13677 Missing Authorization vulnerability in Istmoplugins GET Bookings WP
The GetBookingsWP – Appointments Booking Calendar Plugin For WordPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.27.
network
low complexity
istmoplugins CWE-862
8.8
8.8
2025-02-18 CVE-2024-13684 Cross-Site Request Forgery (CSRF) vulnerability in Smartzminds Reset
The Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.
network
low complexity
smartzminds CWE-352
8.1
8.1
2025-02-18 CVE-2024-13687 Missing Authorization vulnerability in Webdevocean Team Builder
The Team Builder – Meet the Team plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_team_builder_options() function in all versions up to, and including, 1.3.
network
low complexity
webdevocean CWE-862
4.3
4.3
2025-02-18 CVE-2024-13725 Path Traversal vulnerability in Keap Official OPT in Forms
The Keap Official Opt-in Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.1 via the service parameter.
network
low complexity
keap CWE-22
critical
 9.8
9.8
2025-02-18 CVE-2024-13848 Cross-site Scripting vulnerability in Jakob42 Reaction Buttons
The Reaction Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping.
network
low complexity
jakob42 CWE-79
4.8
4.8
2025-02-18 CVE-2024-13852 Cross-Site Request Forgery (CSRF) vulnerability in Backie Option Editor
The Option Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0.
network
low complexity
backie CWE-352
8.8
8.8
2025-02-18 CVE-2025-0796 Cross-Site Request Forgery (CSRF) vulnerability in Kevinbrent Wprequal
The Mortgage Lead Capture System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.2.10.
network
low complexity
kevinbrent CWE-352
4.3
4.3
2025-02-18 CVE-2025-0805 Cross-site Scripting vulnerability in Mlcalc Mortgage Loan Calculator
The Mortgage Calculator / Loan Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mlcalc' shortcode in all versions up to, and including, 1.5.20 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
mlcalc CWE-79
5.4
5.4
2025-02-18 CVE-2024-13740 Authorization Bypass Through User-Controlled Key vulnerability in Metagauss Profilegrid
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.4.2 via the pm_messenger_show_messages function due to missing validation on a user controlled key.
network
low complexity
metagauss CWE-639
4.3
4.3
2025-02-18 CVE-2024-13741 Server-Side Request Forgery (SSRF) vulnerability in Metagauss Profilegrid
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Limited Server-Side Request Forgery in all versions up to, and including, 5.9.4.2 via the pm_upload_image function.
network
low complexity
metagauss CWE-918
5.4
5.4