Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2025-04-01 CVE-2024-13553 The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9.
network
low complexity
CWE-288
critical
 9.8
9.8
2025-04-01 CVE-2025-2237 The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to authentication bypass in all versions up to, and including, 1.6.26.
network
low complexity
CWE-269
critical
 9.8
9.8
2025-03-31 CVE-2025-3011 SOOP-CLM from PiExtract has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
network
low complexity
CWE-89
critical
 9.8
9.8
2025-03-29 CVE-2025-2266 The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the cwmpUpdateOptions() function in versions 8.6.5 to 8.7.5.
network
low complexity
CWE-862
critical
 9.8
9.8
2025-03-28 CVE-2025-2294 The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubio_hybrid_theme_load_template function.
network
low complexity
CWE-22
critical
 9.8
9.8
2025-03-27 CVE-2025-2332 The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.13 via deserialization of untrusted input in the 'returnMetaValueAsCustomerInput' function.
network
low complexity
CWE-502
critical
 9.8
9.8
2025-03-26 CVE-2024-47516 A vulnerability was found in Pagure.
network
low complexity
CWE-88
critical
 9.8
9.8
2025-03-24 CVE-2025-2690 Deserialization of Untrusted Data vulnerability in Yiiframework YII
A vulnerability, which was classified as critical, was found in yiisoft Yii2 up to 2.0.39.
network
low complexity
yiiframework CWE-502
critical
 9.8
9.8
2025-03-24 CVE-2025-2689 Deserialization of Untrusted Data vulnerability in Yiiframework YII
A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45.
network
low complexity
yiiframework CWE-502
critical
 9.8
9.8
2025-03-24 CVE-2025-2687 Unrestricted Upload of File with Dangerous Type vulnerability in PHPgurukul Elearning System 1.0
A vulnerability classified as critical has been found in PHPGurukul eLearning System 1.0.
network
low complexity
phpgurukul CWE-434
critical
 9.8
9.8