VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-01-25
CVE-2024-10552
The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘api_key’ and 'api_secret' parameters in all versions up to, and including, 3.14.26 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-01-25
CVE-2024-12600
The Custom Product Tabs Lite for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.0 via deserialization of untrusted input from the 'frs_woo_product_tabs' parameter.
network
low complexity
CWE-502
7.2
7.2
2025-01-25
CVE-2024-13721
The Plethora Plugins Tabs + Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the anchor parameter in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-85
6.4
6.4
2025-01-25
CVE-2025-0682
The ThemeREX Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.0 via the 'trx_sc_reviews' shortcode 'type' attribute.
network
low complexity
CWE-98
8.8
8.8
2025-01-25
CVE-2025-0411
Unspecified vulnerability in 7-Zip
7-Zip Mark-of-the-Web Bypass Vulnerability.
local
high complexity
7-zip
7.0
7.0
2025-01-25
CVE-2024-13709
The Linear plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1.
network
low complexity
CWE-352
4.3
4.3
2025-01-25
CVE-2025-0357
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and including, 1.6.9.
network
low complexity
CWE-434
critical
9.8
9.8
2025-01-24
CVE-2025-21262
Unspecified vulnerability in Microsoft Edge Chromium
User Interface (UI) Misrepresentation of Critical Information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network
network
low complexity
microsoft
5.4
5.4
2025-01-24
CVE-2025-0709
A vulnerability was found in Dcat-Admin 2.2.1-beta.
network
low complexity
CWE-94
2.4
2.4
2025-01-24
CVE-2025-0710
Cross-site Scripting vulnerability in Campcodes School Management Software 1.0
A vulnerability classified as problematic has been found in CampCodes School Management Software 1.0.
network
low complexity
campcodes
CWE-79
5.4
5.4
«
Previous
1
2
...
352
353
354
(current)
355
356
...
16818
16819
»
Next