Vulnerabilities > Critical

| DATE | CVE | VULNERABILITY TITLE | VECTOR | COMPLEXITY | CWE | SEVERITY | SCORE |
|---|---|---|---|---|---|---|---|
| 2025-02-20 | CVE-2024-13789 | The ravpage plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.31 via deserialization of untrusted input from the 'paramsv2' parameter. | network | low | CWE-502 | critical | 9.8 |
| 2025-02-18 | CVE-2024-12860 | The CarSpot – Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. | network | low | CWE-620 | critical | 9.8 |
| 2025-02-18 | CVE-2024-13725 | The Keap Official Opt-in Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.1 via the service parameter. | network | low | CWE-22 | critical | 9.8 |
| 2025-02-17 | CVE-2025-1387 | Orca HCM from LEARNING DIGITAL has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to log in to the system as any user. | network | low | | critical | 9.8 |
| 2025-02-15 | CVE-2024-12562 | The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the 's2member_pro_remote_op' vulnerable parameter. | network | low | CWE-502 | critical | 9.8 |
| 2025-02-15 | CVE-2024-13513 | The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2.3 via the logging functionality. | network | low | CWE-862 | critical | 9.8 |
| 2025-02-14 | CVE-2024-13152 | Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection. This issue affects Mobuy Online Machinery Monitoring Panel: before 2.0. | network | low | CWE-566 | critical | 10.0 |
| 2025-02-13 | CVE-2024-13182 | The WP Directorybox Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.5. | network | low | CWE-288 | critical | 9.8 |
| 2025-02-13 | CVE-2024-10763 | The Campress theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.35 via the 'campress_woocommerce_get_ajax_products' function. | network | low | CWE-22 | critical | 9.8 |
| 2025-02-12 | CVE-2025-0108 | Missing Authentication for Critical Function vulnerability in Palo Alto Networks PAN-OS. An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. | network | low | CWE-306 | critical | 9.1 |