Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2025-03-07 CVE-2025-1315 Authentication Bypass Using an Alternate Path or Channel vulnerability in Sfwebservice Injob
The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 3.5.1.
network
low complexity
sfwebservice CWE-288
critical
 9.8
9.8
2025-03-07 CVE-2025-1475 The WPCOM Member plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.5.
network
low complexity
CWE-287
critical
 9.8
9.8
2025-03-06 CVE-2024-12144 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Finder Fire Safety Finder ERP/CRM (Old System) allows SQL Injection.This issue affects Finder ERP/CRM (Old System): before 18.12.2024.
network
low complexity
CWE-89
critical
 9.8
9.8
2025-03-05 CVE-2024-12097 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Boceksoft Informatics E-Travel allows SQL Injection.This issue affects E-Travel: before 15.12.2024.
network
low complexity
CWE-89
critical
 9.8
9.8
2025-03-05 CVE-2024-13147 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Merkur Software B2B Login Panel allows SQL Injection.This issue affects B2B Login Panel: before 15.01.2025.
network
low complexity
CWE-89
critical
 9.8
9.8
2025-03-05 CVE-2024-11951 The Homey Login Register plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.0.
network
low complexity
CWE-269
critical
 9.8
9.8
2025-03-05 CVE-2024-12281 The Homey theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.2.
network
low complexity
CWE-269
critical
 9.8
9.8
2025-03-05 CVE-2024-13787 The VEDA - MultiPurpose WordPress Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2 via deserialization of untrusted input in the 'veda_backup_and_restore_action' function.
network
low complexity
CWE-502
critical
 9.8
9.8
2025-03-05 CVE-2025-1515 The WP Real Estate Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.8.
network
low complexity
CWE-288
critical
 9.8
9.8
2025-03-05 CVE-2025-1393 An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product.
network
low complexity
CWE-798
critical
 9.8
9.8