Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-28 | CVE-2024-13469 | Cross-site Scripting vulnerability in Pickplugins Pricing Table The Pricing Table by PickPlugins plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button Link in all versions up to, and including, 1.12.10 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-02-28 | CVE-2024-13638 | Information Exposure vulnerability in Directsoftware Order Attachments for Woocommerce The Order Attachments for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.1 via the 'uploads' directory. | 7.5 |
| 2025-02-28 | CVE-2024-13716 | Missing Authorization vulnerability in Tarbor Forex Calculators The Forex Calculators plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_settings_callback() function in all versions up to, and including, 1.3.5. | 4.3 |
| 2025-02-28 | CVE-2024-13831 | Deserialization of Untrusted Data vulnerability in Wpbranch Tabs for Woocommerce 1.0.0 The Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input in the 'product_has_custom_tabs' function. | 7.2 |
| 2025-02-28 | CVE-2024-13832 | Authorization Bypass Through User-Controlled Key vulnerability in Uncodethemes Ultra Addons Lite for Elementor The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.8 via the 'ut_elementor' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
| 2025-02-28 | CVE-2024-13851 | Cross-site Scripting vulnerability in Internet-Formation Modal Portfolio The Modal Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7.4.2 due to insufficient input sanitization and output escaping. | 4.8 |
| 2025-02-28 | CVE-2024-8420 | Incorrect Privilege Assignment vulnerability in Sitesao Dhvc Form The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. | 9.8 |
| 2025-02-28 | CVE-2024-8425 | Unrestricted Upload of File with Dangerous Type vulnerability in Wpswings Woocommerce Ultimate Gift Card The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwb_wgm_preview_mail' and 'mwb_wgm_woocommerce_add_cart_item_data' functions in all versions up to, and including, 2.6.0. | 9.8 |
| 2025-02-28 | CVE-2024-9019 | Cross-site Scripting vulnerability in Secupress The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's secupress_check_ban_ips_form shortcode in all versions up to, and including, 2.2.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-28 | CVE-2024-9193 | PHP Remote File Inclusion vulnerability in Whmpress Whmcs 6.3 The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.3-revision-0 via the whmpress_domain_search_ajax_extended_results() function. | 9.8 |