Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-02-28 | CVE-2024-8425 | Unrestricted Upload of File with Dangerous Type vulnerability in Wpswings Woocommerce Ultimate Gift Card The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwb_wgm_preview_mail' and 'mwb_wgm_woocommerce_add_cart_item_data' functions in all versions up to, and including, 2.6.0. | 9.8 |
2025-02-28 | CVE-2024-9193 | PHP Remote File Inclusion vulnerability in Whmpress Whmcs 6.3 The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.3-revision-0 via the whmpress_domain_search_ajax_extended_results() function. | 9.8 |
2025-02-28 | CVE-2025-1570 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Wpwax Directorist The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 8.1. | 9.8 |
2025-02-27 | CVE-2024-13148 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yukseloglu Filter B2B Login Platform allows SQL Injection. This issue affects B2B Login Platform: before 16.01.2025. | 9.8 |
2025-02-27 | CVE-2025-27154 | Unspecified vulnerability in Spotipy Project Spotipy Spotipy is a lightweight Python library for the Spotify Web API. | 9.8 |
2025-02-27 | CVE-2024-10918 | Stack-based Buffer Overflow vulnerability in Libmodbus 3.1.10 Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows overflowing the buffer allocated for the Modbus response if the function tries to reply to a Modbus request with an unexpected length. | 9.8 |
2025-02-27 | CVE-2024-13905 | Server-Side Request Forgery (SSRF) vulnerability in Sainwp Onestore Sites The OneStore Sites plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.1.1 via the class-export.php file. | 9.1 |
2025-02-25 | CVE-2025-27135 | SQL Injection vulnerability in Infiniflow Ragflow RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. | 9.8 |
2025-02-25 | CVE-2025-1675 | Unspecified vulnerability in Zephyrproject Zephyr The function dns_copy_qname in dns_pack.c performs a memcpy operation with an untrusted field and does not check if the source buffer is large enough to contain the copied data. | 9.1 |
2025-02-25 | CVE-2025-1128 | Unrestricted Upload of File with Dangerous Type vulnerability in Wpeverest Everest Forms The Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file upload, read, and deletion due to missing file type and path validation in the 'format' method of the EVF_Form_Fields_Upload class in all versions up to, and including, 3.0.9.4. | 9.8 |