Vulnerabilities > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2025-01-07 | CVE-2025-0298 | SQL Injection vulnerability in Code-Projects Online Book Shop 1.0 | A vulnerability was found in code-projects Online Book Shop 1.0. | network, low complexity, code-projects, CWE-89, critical, 9.8 |
| 2025-01-07 | CVE-2025-0296 | Injection vulnerability in Code-Projects Online Book Shop 1.0 | A vulnerability was found in code-projects Online Book Shop 1.0. | network, low complexity, code-projects, CWE-74, critical, 9.8 |
| 2025-01-07 | CVE-2024-49649 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Buildapp Build APP Online | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Abdul Hakeem Build App Online allows PHP Local File Inclusion. This issue affects Build App Online: from n/a through 1.0.23. | network, low complexity, buildapp, CWE-829, critical, 9.8 |
| 2025-01-07 | CVE-2024-56273 | Missing Authorization vulnerability in Wpvivid Migration, Backup, Staging | Missing Authorization vulnerability in WPvivid Backup & Migration WPvivid Backup and Migration allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPvivid Backup and Migration: from n/a through 0.9.106. | network, low complexity, wpvivid, CWE-862, critical, 9.8 |
| 2025-01-07 | CVE-2024-12252 | | The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing capability check on the remote_update AJAX action in all versions up to, and including, 2.2.1. | network, low complexity, CWE-94, critical, 9.8 |
| 2025-01-07 | CVE-2024-12264 | | The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. | network, low complexity, CWE-287, critical, 9.8 |
| 2025-01-07 | CVE-2024-12470 | | The School Management System – SakolaWP plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.8. | network, low complexity, CWE-266, critical, 9.8 |
| 2025-01-07 | CVE-2024-12402 | | The Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.4. | network, low complexity, CWE-288, critical, 9.8 |
| 2025-01-05 | CVE-2025-0233 | SQL Injection vulnerability in Codezips Project Management System 1.0 | A vulnerability was found in Codezips Project Management System 1.0. | network, low complexity, codezips, CWE-89, critical, 9.8 |
| 2025-01-05 | CVE-2025-0230 | SQL Injection vulnerability in Fabianros Responsive Hotel Site 1.0 | A vulnerability, which was classified as critical, was found in code-projects Responsive Hotel Site 1.0. | network, low complexity, fabianros, CWE-89, critical, 9.8 |