Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-02-18 | CVE-2024-13677 | Missing Authorization vulnerability in Istmoplugins GET Bookings WP The GetBookingsWP – Appointments Booking Calendar Plugin For WordPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.27. | 8.8 |
2025-02-18 | CVE-2024-13684 | Cross-Site Request Forgery (CSRF) vulnerability in Smartzminds Reset The Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. | 8.1 |
2025-02-18 | CVE-2024-13687 | Missing Authorization vulnerability in Webdevocean Team Builder The Team Builder – Meet the Team plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_team_builder_options() function in all versions up to, and including, 1.3. | 4.3 |
2025-02-18 | CVE-2024-13725 | Path Traversal vulnerability in Keap Official OPT in Forms The Keap Official Opt-in Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.1 via the service parameter. | 9.8 |
2025-02-18 | CVE-2024-13848 | Cross-site Scripting vulnerability in Jakob42 Reaction Buttons The Reaction Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. | 4.8 |
2025-02-18 | CVE-2024-13852 | Cross-Site Request Forgery (CSRF) vulnerability in Backie Option Editor The Option Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. | 8.8 |
2025-02-18 | CVE-2025-0796 | Cross-Site Request Forgery (CSRF) vulnerability in Kevinbrent Wprequal The Mortgage Lead Capture System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.2.10. | 4.3 |
2025-02-18 | CVE-2025-0805 | Cross-site Scripting vulnerability in Mlcalc Mortgage Loan Calculator The Mortgage Calculator / Loan Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mlcalc' shortcode in all versions up to, and including, 1.5.20 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2025-02-18 | CVE-2024-13740 | Authorization Bypass Through User-Controlled Key vulnerability in Metagauss Profilegrid The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.4.2 via the pm_messenger_show_messages function due to missing validation on a user controlled key. | 4.3 |
2025-02-18 | CVE-2024-13741 | Server-Side Request Forgery (SSRF) vulnerability in Metagauss Profilegrid The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Limited Server-Side Request Forgery in all versions up to, and including, 5.9.4.2 via the pm_upload_image function. | 5.4 |