Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-12-19 | CVE-2024-12626 | The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘a-0-o-search_field_value’ parameter in all versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping. | 9.6 |
2024-12-18 | CVE-2024-12287 | The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.2. | 9.8 |
2024-12-17 | CVE-2024-8972 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobil365 Informatics Saha365 App allows SQL Injection. This issue affects Saha365 App: before 30.09.2024. | 9.8 |
2024-12-17 | CVE-2024-12356 | Command Injection vulnerability in BeyondTrust Remote Support. A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. | 9.8 |
2024-12-16 | CVE-2024-10095 | Deserialization of Untrusted Data vulnerability in Telerik UI for WPF. In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability. | 9.8 |
2024-12-16 | CVE-2024-54367 | Deserialization of Untrusted Data vulnerability in Ultimatemember ForumWP allows Object Injection. This issue affects ForumWP: from n/a through 2.1.0. | 9.8 |
2024-12-16 | CVE-2024-12641 | TenderDocTransfer from Chunghwa Telecom has a Reflected Cross-site scripting vulnerability. | 9.6 |
2024-12-14 | CVE-2024-11715 | Missing Authorization vulnerability in Wpjobportal WP Job Portal. The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the assignUserRole() function in all versions up to, and including, 2.2.2. | 9.8 |
2024-12-13 | CVE-2024-55956 | Command Injection vulnerability in Cleo LexiCom and VLTrader. In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory. | 9.8 |
2024-12-13 | CVE-2024-54139 | Cross-site Scripting vulnerability in Combodo iTop. Combodo iTop is an open source and web-based IT service management platform. | 9.6 |