Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-02-12 CVE-2025-1187 Out-of-bounds Write vulnerability in Code-Projects Police FIR Record Management System 1.0
A vulnerability classified as critical was found in code-projects Police FIR Record Management System 1.0.
local
low complexity
code-projects CWE-787
7.8
2025-02-12 CVE-2025-1188 SQL Injection vulnerability in Codezips GYM Management System 1.0
A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0.
network
low complexity
codezips CWE-89
critical
9.8
2025-02-12 CVE-2025-1183 SQL Injection vulnerability in Codezips GYM Management System 1.0
A vulnerability has been found in CodeZips Gym Management System 1.0 and classified as critical.
network
low complexity
codezips CWE-89
critical
9.8
2025-02-12 CVE-2024-13374 Missing Authorization vulnerability in Joomunited WP Table Manager
The WP Table Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wptm_getFolders AJAX action in all versions up to, and including, 4.1.3.
network
low complexity
joomunited CWE-862
6.5
2025-02-12 CVE-2024-13600 Unspecified vulnerability in Majesticsupport Majestic Support
The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the 'majesticsupportdata' directory.
network
low complexity
majesticsupport
7.5
2025-02-12 CVE-2024-13601 Authorization Bypass Through User-Controlled Key vulnerability in Majesticsupport Majestic Support
The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.5 via the 'exportusereraserequest' function due to missing validation on a user controlled key.
network
low complexity
majesticsupport CWE-639
4.3
2025-02-12 CVE-2024-13714 The All-Images.ai – IA Image Bank and Custom Image creation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the '_get_image_by_url' function in all versions up to, and including, 1.0.4.
network
low complexity
CWE-434
8.8
2025-02-12 CVE-2024-11746 Cross-site Scripting vulnerability in Gsplugins Woocommerce Brands
The Discover the Best Woocommerce Product Brands Plugin for WordPress – Woocommerce Brands Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'product_brand' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
gsplugins CWE-79
5.4
2025-02-12 CVE-2024-12164 Missing Authorization vulnerability in Creativewerkdesigns Wpsyncsheets
The WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsslwp_reset_settings() function in all versions up to, and including, 1.6.
network
low complexity
creativewerkdesigns CWE-862
4.3
2025-02-12 CVE-2024-13421 Unspecified vulnerability in Contempothemes Real Estate 7
The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1.
network
low complexity
contempothemes
critical
9.8