Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-12 | CVE-2025-21699 | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag Truncate an inode's address space when flipping the GFS2_DIF_JDATA flag: depending on that flag, the pages in the address space will either use buffer heads or iomap_folio_state structs, and we cannot mix the two. | 5.5 |
| 2025-02-12 | CVE-2024-10322 | Cross-site Scripting vulnerability in Brizy The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-02-12 | CVE-2025-1197 | SQL Injection vulnerability in Fabianros Real Estate Property Management System 1.0 A vulnerability has been found in code-projects Real Estate Property Management System 1.0 and classified as critical. | 7.5 |
| 2025-02-12 | CVE-2025-1199 | SQL Injection vulnerability in Mayurik Best Church Management Software 1.1 A vulnerability was found in SourceCodester Best Church Management Software 1.1. | 6.5 |
| 2025-02-12 | CVE-2024-10960 | Unrestricted Upload of File with Dangerous Type vulnerability in Brizy The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all versions up to, and including, 2.6.4. | 8.8 |
| 2025-02-12 | CVE-2024-12386 | Cross-Site Request Forgery (CSRF) vulnerability in Kevonadonis WP Abstracts The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.3. | 5.4 |
| 2025-02-12 | CVE-2024-13477 | SQL Injection vulnerability in Enituretechnology LTL Freight Quotes The LTL Freight Quotes – Unishippers Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 2.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.8 |
| 2025-02-12 | CVE-2024-13480 | SQL Injection vulnerability in Enituretechnology LTL Freight Quotes The LTL Freight Quotes – For Customers of FedEx Freight plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2025-02-12 | CVE-2024-13532 | SQL Injection vulnerability in Enituretechnology Small Package Quotes The Small Package Quotes – Purolator Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2025-02-12 | CVE-2025-0511 | Cross-site Scripting vulnerability in Welcart E-Commerce The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 2.11.9 due to insufficient input sanitization and output escaping. | 6.1 |