Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-03-07 | CVE-2024-12609 | The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'view-attendance' page in all versions up to, and including, 92.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the mj_smgt_view_student_attendance() function. | 6.5 |
2025-03-07 | CVE-2024-12610 | The School Management System for Wordpress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'mj_smgt_remove_feetype' and 'mj_smgt_remove_category_new' AJAX actions in all versions up to, and including, 93.0.0. | 5.3 |
2025-03-07 | CVE-2024-12611 | The School Management System for Wordpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 93.0.0 due to insufficient input sanitization and output escaping. | 5.3 |
2025-03-07 | CVE-2024-12876 | Missing Authorization vulnerability in Uxper Golo. The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.10. | 9.8 |
2025-03-07 | CVE-2024-13431 | Cross-site Scripting vulnerability in Nsquared Appointment Booking Calendar. The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the accent_color and background parameters in all versions up to, and including, 1.6.8.3 due to insufficient input sanitization and output escaping. | 6.1 |
2025-03-07 | CVE-2024-13781 | SQL Injection vulnerability in Heroplugins Hero Maps Premium. The Hero Maps Premium plugin for WordPress is vulnerable to SQL Injection via several AJAX actions in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2025-03-07 | CVE-2024-13904 | Server-Side Request Forgery (SSRF) vulnerability in Platformly Platform.Ly for Woocommerce. The Platform.ly for WooCommerce plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.6 via the 'hooks' function. | 9.1 |
2025-03-07 | CVE-2024-9658 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Dasinfomedia School Management System. The School Management System for Wordpress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 93.0.0. | 8.8 |
2025-03-07 | CVE-2025-0959 | SQL Injection: Hibernate vulnerability in Imithemes Eventer. The Eventer - WordPress Event & Booking Manager Plugin plugin for WordPress is vulnerable to SQL Injection via the reg_id parameter in all versions up to, and including, 3.9.9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2025-03-07 | CVE-2025-1315 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Sfwebservice Injob. The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 3.5.1. | 9.8 |