Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-15 | CVE-2024-12562 | Deserialization of Untrusted Data vulnerability in S2Member The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the 's2member_pro_remote_op' vulnerable parameter. | 9.8 |
| 2025-02-15 | CVE-2024-13752 | Missing Authorization vulnerability in Wedevs WP Project Manager The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check in the '/pm/v2/settings/notice' endpoint all versions up to, and including, 2.6.17. | 6.5 |
| 2025-02-15 | CVE-2025-1005 | Cross-site Scripting vulnerability in Wpmet Elementskit Elementor Addons The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion widget in all versions up to, and including, 3.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-15 | CVE-2024-13525 | Unspecified vulnerability in Wpfactory Customer Email Verification for Woocommerce The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via Shortcode. | 6.5 |
| 2025-02-15 | CVE-2024-13563 | Cross-site Scripting vulnerability in Etoilewebdesign Front END Users The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's forgot-password shortcode in all versions up to, and including, 3.2.30 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-15 | CVE-2025-0935 | Missing Authorization vulnerability in Maxfoundry Media Library Folders The Media Library Folders plugin for WordPress is vulnerable to unauthorized plugin settings change due to a missing capability check on several AJAX actions in all versions up to, and including, 8.3.0. | 4.3 |
| 2025-02-15 | CVE-2024-13513 | Missing Authorization vulnerability in Oliverpos Oliver POS The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2.3 via the logging functionality. | 9.8 |
| 2025-02-14 | CVE-2024-52895 | IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. | 6.5 |
| 2025-02-14 | CVE-2024-56477 | IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. | 6.5 |
| 2025-02-14 | CVE-2024-12651 | Exposed Dangerous Method or Function vulnerability in PTT Inc. | 8.5 |