2025-01-14 | CVE-2024-12919 | The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.13.7. [network, low complexity, CWE-287, critical] | 9.8 |
2025-01-11 | CVE-2024-12877 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input from the donation form like 'firstName'. [network, low complexity, CWE-502, critical] | 9.8 |
2025-01-10 | CVE-2024-41787 | IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. [network, low complexity, CWE-367, critical] | 9.8 |
2025-01-09 | CVE-2024-10215 | The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. [network, low complexity, CWE-639, critical] | 9.8 |
2025-01-09 | CVE-2024-11642 | The Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.4.12 via the 'locate_template' function. [network, low complexity, CWE-22, critical] | 9.8 |
2025-01-08 | CVE-2025-0282 | Out-of-bounds Write vulnerability in Ivanti products. A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. | 9.0 |
2025-01-08 | CVE-2024-11350 | The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. [network, low complexity, CWE-640, critical] | 9.8 |
2025-01-08 | CVE-2024-54676 | Unspecified vulnerability in Apache OpenMeetings. Vendor: The Apache Software Foundation. Versions affected: Apache OpenMeetings from 2.1.0 before 8.0.0. Description: The default clustering instructions at https://openmeetings.apache.org/Clustering.html do not specify white/black lists for OpenJPA, which leads to possible deserialisation of untrusted data. Users are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant 'openjpa.serialization.class.blacklist' and 'openjpa.serialization.class.whitelist' configurations as shown in the documentation. [network, low complexity, apache, critical] | 9.8 |
2025-01-08 | CVE-2024-11635 | The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. [network, low complexity, CWE-94, critical] | 9.8 |
2025-01-08 | CVE-2024-11613 | The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion in all versions up to, and including, 4.24.15 via the 'wfu_file_downloader.php' file. [network, low complexity, CWE-94, critical] | 9.8 |