Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-18 | CVE-2024-13689 | The Uncode Core plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.9.1.6. | 6.3 |
| 2025-02-18 | CVE-2025-1269 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in HAVELSAN Liman MYS allows Cross-Site Flashing.This issue affects Liman MYS: before 2.1.1 - 1010. low complexity CWE-601 | 4.8 |
| 2025-02-18 | CVE-2025-1035 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Komtera Technolgies KLog Server allows Manipulating Web Input to File System Calls.This issue affects KLog Server: before 3.1.1. low complexity CWE-22 | 5.7 |
| 2025-02-18 | CVE-2024-13636 | Deserialization of Untrusted Data vulnerability in Unitedthemes Brooklyn 4.9.7.6 The Brooklyn theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.9.2 via deserialization of untrusted input in the ot_decode function. | 8.8 |
| 2025-02-18 | CVE-2024-13667 | Cross-site Scripting vulnerability in Undsgn Uncode The Uncode theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mle-description’ parameter in all versions up to, and including, 2.9.1.6 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-02-18 | CVE-2024-13681 | Unspecified vulnerability in Undsgn Uncode The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncode_admin_get_oembed' function in all versions up to, and including, 2.9.1.6. | 7.5 |
| 2025-02-18 | CVE-2024-13691 | Unspecified vulnerability in Undsgn Uncode The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncode_recordMedia' function in all versions up to, and including, 2.9.1.6. | 6.5 |
| 2025-02-18 | CVE-2024-13783 | Missing Authorization vulnerability in Ncrafts Formcraft The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. | 4.3 |
| 2025-02-18 | CVE-2024-13797 | Code Injection vulnerability in Presslayouts Pressmart The PressMart - Modern Elementor WooCommerce WordPress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.16. | 9.8 |
| 2025-02-18 | CVE-2025-0521 | Cross-site Scripting vulnerability in Wpexperts Post Smtp The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the from and subject parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. | 6.1 |