Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | ATTACK COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2025-02-21 | CVE-2025-1539 | Out-of-bounds Write vulnerability in Dlink Dap-1320 Firmware 1.0 | A vulnerability, which was classified as critical, has been found in D-Link DAP-1320 1.00. | network | low | dlink | CWE-787 | critical 9.8 |
| 2025-02-21 | CVE-2024-10222 | Cross-site Scripting vulnerability in Benbodhi SVG Support | The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.5.10 due to insufficient input sanitization and output escaping. | network | low | benbodhi | CWE-79 | 5.4 |
| 2025-02-21 | CVE-2024-13455 | Cross-site Scripting vulnerability in Igumbi | The igumbi Online Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'igumbi_calendar' shortcode in all versions up to, and including, 1.40 due to insufficient input sanitization and output escaping on user supplied attributes. | network | low | igumbi | CWE-79 | 5.4 |
| 2025-02-21 | CVE-2024-13713 | SQL Injection vulnerability in Wpexperts Givewp Square | The WPExperts Square For GiveWP plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | network | low | wpexperts | CWE-89 | 6.5 |
| 2025-02-21 | CVE-2024-13846 | SQL Injection vulnerability in Wpindeed Ultimate Learning PRO | The Indeed Ultimate Learning Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ‘post_id’ parameter in all versions up to, and including, 3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | network | low | wpindeed | CWE-89 | 4.9 |
| 2025-02-21 | CVE-2024-13900 | Code Injection vulnerability in Satollo Head, Footer, and Post Injections | The Head, Footer and Post Injections plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.3.0. | network | low | satollo | CWE-94 | 7.2 |
| 2025-02-21 | CVE-2025-1402 | Missing Authorization vulnerability in Theeventscalendar Event Tickets | The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ajax_ticket_delete' function in all versions up to, and including, 5.19.1.1. | network | low | theeventscalendar | CWE-862 | 5.3 |
| 2025-02-21 | CVE-2025-1489 | Cross-site Scripting vulnerability in Tchgdns Wp-Appbox | The WP-Appbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's appbox shortcode in all versions up to, and including, 4.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. | network | low | tchgdns | CWE-79 | 5.4 |
| 2025-02-21 | CVE-2025-1535 | A vulnerability was found in Baiyi Cloud Asset Management System 8.142.100.161. | | network | low | | CWE-74 | 7.3 |
| 2025-02-21 | CVE-2024-12276 | SQL Injection vulnerability in Ultimatemember Ultimate Member | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to second-order SQL Injection via filenames in all versions up to, and including, 2.9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | network | low | ultimatemember | CWE-89 | 6.5 |