Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-01-18 CVE-2025-0560 Cross-site Scripting vulnerability in Campcodes School Management Software 1.0
A vulnerability, which was classified as problematic, was found in CampCodes School Management Software 1.0.
network
low complexity
campcodes CWE-79
4.8
4.8
2025-01-18 CVE-2025-0559 Cross-site Scripting vulnerability in Campcodes School Management Software 1.0
A vulnerability, which was classified as problematic, has been found in Campcodes School Management Software 1.0.
network
low complexity
campcodes CWE-79
4.8
4.8
2025-01-18 CVE-2025-0558 A vulnerability classified as critical was found in TDuckCloud tduck-platform up to 4.0.
network
low complexity
CWE-74
6.3
6.3
2025-01-18 CVE-2024-13184 The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to time-based SQL Injection via the Login Attempts module in all versions up to, and including, 3.0.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
7.5
7.5
2025-01-18 CVE-2024-13375 The Adifier System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.1.7.
network
low complexity
CWE-620
critical
 9.8
9.8
2025-01-18 CVE-2025-0557 A vulnerability classified as problematic has been found in Hyland Alfresco Community Edition and Alfresco Enterprise Edition up to 6.2.2.
network
low complexity
CWE-94
4.3
4.3
2025-01-18 CVE-2024-13392 The Rate Star Review Vote – AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_reviews' shortcode in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-01-18 CVE-2024-12385 Cross-Site Request Forgery (CSRF) vulnerability in Kevonadonis WP Abstracts
The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2.
network
low complexity
kevonadonis CWE-352
6.1
6.1
2025-01-18 CVE-2024-12696 The Picture Gallery – Frontend Image Uploads, AJAX Photo List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's videowhisper_picture_upload_guest shortcode in all versions up to, and including, 1.5.22 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-01-18 CVE-2024-13317 The ShipWorks Connector for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.5.
network
low complexity
CWE-352
4.3
4.3