Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2025-03-08 CVE-2024-11087 Improper Authentication vulnerability in Miniorange Social Login
The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9.
network
low complexity
miniorange CWE-287
critical
 9.8
9.8
2025-03-07 CVE-2025-2097 Out-of-bounds Write vulnerability in Totolink Ex1800T Firmware 9.1.0Cu.2112B20220316
A vulnerability, which was classified as critical, has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316.
network
low complexity
totolink CWE-787
critical
 9.8
9.8
2025-03-07 CVE-2025-2094 OS Command Injection vulnerability in Totolink Ex1800T Firmware 9.1.0Cu.2112B20220316
A vulnerability was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2025-03-07 CVE-2025-2095 OS Command Injection vulnerability in Totolink Ex1800T Firmware 9.1.0Cu.2112B20220316
A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2025-03-07 CVE-2025-2096 OS Command Injection vulnerability in Totolink Ex1800T Firmware 9.1.0Cu.2112B20220316
A vulnerability classified as critical was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2025-03-07 CVE-2025-2088 Injection vulnerability in PHPgurukul Pre-School Enrollment System 1.0
A vulnerability, which was classified as critical, was found in PHPGurukul Pre-School Enrollment System up to 1.0.
network
low complexity
phpgurukul CWE-74
critical
 9.8
9.8
2025-03-07 CVE-2024-12876 Missing Authorization vulnerability in Uxper Golo
The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.10.
network
low complexity
uxper CWE-862
critical
 9.8
9.8
2025-03-07 CVE-2024-13904 Server-Side Request Forgery (SSRF) vulnerability in Platformly Platform.Ly for Woocommerce
The Platform.ly for WooCommerce plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.6 via the 'hooks' function.
network
low complexity
platformly CWE-918
critical
 9.1
9.1
2025-03-07 CVE-2025-1315 Authentication Bypass Using an Alternate Path or Channel vulnerability in Sfwebservice Injob
The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 3.5.1.
network
low complexity
sfwebservice CWE-288
critical
 9.8
9.8
2025-03-07 CVE-2025-1475 The WPCOM Member plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.5.
network
low complexity
CWE-287
critical
 9.8
9.8