Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-04-01 CVE-2024-13941 A vulnerability was found in ouch-org ouch up to 0.3.1.
local
low complexity
CWE-119
5.3
5.3
2025-04-01 CVE-2024-13553 The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9.
network
low complexity
CWE-288
critical
 9.8
9.8
2025-04-01 CVE-2025-2237 The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to authentication bypass in all versions up to, and including, 1.6.26.
network
low complexity
CWE-269
critical
 9.8
9.8
2025-04-01 CVE-2025-2906 The Contempo Real Estate Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-04-01 CVE-2025-2891 The Real Estate 7 WordPress theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'template-submit-listing.php' file in all versions up to, and including, 3.5.4.
network
low complexity
CWE-434
8.8
8.8
2025-04-01 CVE-2024-12189 The WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom widgets in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-04-01 CVE-2024-12278 The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via any location that typically sanitizes data using wp_kses, like comments, in all versions up to, and including, 7.2.5 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
7.2
7.2
2025-04-01 CVE-2025-1267 The Groundhogg plugin for Wordpress is vulnerable to Stored Cross-Site Scripting via the ‘label' parameter in versions up to, and including, 3.7.4.1 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
5.5
5.5
2025-04-01 CVE-2025-1512 The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Cursor Extension in all versions up to, and including, 2.9.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-04-01 CVE-2024-13567 The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.3.1 via the 'awesome-support' directory.
network
low complexity
CWE-200
7.5
7.5