Vulnerabilities > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2025-02-18 | CVE-2025-26609 | Improper Access Control vulnerability in Wegia | WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. | network; low complexity; wegia CWE-284; critical; 9.8 |
| 2025-02-18 | CVE-2025-26610 | SQL Injection vulnerability in Wegia | WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. | network; low complexity; wegia CWE-89; critical; 9.8 |
| 2025-02-18 | CVE-2025-26611 | Improper Access Control vulnerability in Wegia | WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. | network; low complexity; wegia CWE-284; critical; 9.8 |
| 2025-02-18 | CVE-2025-26612 | SQL Injection vulnerability in Wegia | WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. | network; low complexity; wegia CWE-89; critical; 9.8 |
| 2025-02-18 | CVE-2025-26613 | Improper Access Control vulnerability in Wegia 3.2.13 | WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. | network; low complexity; wegia CWE-284; critical; 9.8 |
| 2025-02-18 | CVE-2025-26617 | Improper Access Control vulnerability in Wegia 3.2.13 | WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. | network; low complexity; wegia CWE-284; critical; 9.8 |
| 2025-02-18 | CVE-2024-13797 | Code Injection vulnerability in Presslayouts Pressmart | The PressMart - Modern Elementor WooCommerce WordPress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.16. | network; low complexity; presslayouts CWE-94; critical; 9.8 |
| 2025-02-18 | CVE-2025-1023 | SQL Injection vulnerability in Churchcrm | A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a time-based blind SQL Injection vulnerability in the EditEventTypes functionality. | network; low complexity; churchcrm CWE-89; critical; 9.8 |
| 2025-02-18 | CVE-2024-12860 | Unspecified vulnerability in Carspot Project Carspot | The CarSpot – Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. | network; low complexity; carspot-project; critical; 9.8 |
| 2025-02-18 | CVE-2024-13556 | Deserialization of Untrusted Data vulnerability in Wecantrack Affiliate Links | The Affiliate Links: WordPress Plugin for Link Cloaking and Link Management plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.1 via deserialization of untrusted input from a file export. | network; low complexity; wecantrack CWE-502; critical; 9.8 |