VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Critical
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-04-01
CVE-2024-13553
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9.
network
low complexity
CWE-288
critical
9.8
9.8
2025-04-01
CVE-2025-2237
The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to authentication bypass in all versions up to, and including, 1.6.26.
network
low complexity
CWE-269
critical
9.8
9.8
2025-03-31
CVE-2025-3011
SOOP-CLM from PiExtract has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
network
low complexity
CWE-89
critical
9.8
9.8
2025-03-29
CVE-2025-2266
The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the cwmpUpdateOptions() function in versions 8.6.5 to 8.7.5.
network
low complexity
CWE-862
critical
9.8
9.8
2025-03-28
CVE-2025-2294
The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubio_hybrid_theme_load_template function.
network
low complexity
CWE-22
critical
9.8
9.8
2025-03-27
CVE-2025-2332
The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.13 via deserialization of untrusted input in the 'returnMetaValueAsCustomerInput' function.
network
low complexity
CWE-502
critical
9.8
9.8
2025-03-26
CVE-2024-47516
A vulnerability was found in Pagure.
network
low complexity
CWE-88
critical
9.8
9.8
2025-03-24
CVE-2025-2690
Deserialization of Untrusted Data vulnerability in Yiiframework YII
A vulnerability, which was classified as critical, was found in yiisoft Yii2 up to 2.0.39.
network
low complexity
yiiframework
CWE-502
critical
9.8
9.8
2025-03-24
CVE-2025-2689
Deserialization of Untrusted Data vulnerability in Yiiframework YII
A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45.
network
low complexity
yiiframework
CWE-502
critical
9.8
9.8
2025-03-24
CVE-2025-2687
Unrestricted Upload of File with Dangerous Type vulnerability in PHPgurukul Elearning System 1.0
A vulnerability classified as critical has been found in PHPGurukul eLearning System 1.0.
network
low complexity
phpgurukul
CWE-434
critical
9.8
9.8
«
1
(current)
2
3
4
5
...
2547
2548
»
Next