| 2025-02-18 | CVE-2024-13622 | Unspecified vulnerability in Imaginate-Solutions File Uploads Addon for Woocommerce
The File Uploads Addon for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the 'uploads' directory. | 7.5 |
| 2025-02-18 | CVE-2024-13677 | Missing Authorization vulnerability in Istmoplugins GET Bookings WP
The GetBookingsWP – Appointments Booking Calendar Plugin For WordPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.27. | 8.8 |
| 2025-02-18 | CVE-2024-13684 | Cross-Site Request Forgery (CSRF) vulnerability in Smartzminds Reset
The Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. | 8.1 |
| 2025-02-18 | CVE-2024-13852 | Cross-Site Request Forgery (CSRF) vulnerability in Backie Option Editor
The Option Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. | 8.8 |
| 2025-02-17 | CVE-2025-1381 | SQL Injection vulnerability in Code-Projects Real Estate Property Management System 1.0
A vulnerability was found in code-projects Real Estate Property Management System 1.0. | 7.5 |
| 2025-02-17 | CVE-2025-0924 | The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. | 7.2 |
| 2025-02-17 | CVE-2025-1389 | Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents. | 8.8 |
| 2025-02-17 | CVE-2025-1374 | SQL Injection vulnerability in Fabianros Real Estate Property Management System 1.0
A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0. | 7.5 |
| 2025-02-17 | CVE-2025-1388 | Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and run web shells | 8.8 |
| 2025-02-16 | CVE-2025-1356 | SQL Injection vulnerability in Needyamin Library Card System 1.0
A vulnerability was found in needyamin Library Card System 1.0. | 7.5 |