| 2025-02-28 | CVE-2025-0160 | IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service. | 8.1 |
| 2025-02-28 | CVE-2024-13638 | Information Exposure vulnerability in Directsoftware Order Attachments for Woocommerce
The Order Attachments for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.1 via the 'uploads' directory. | 7.5 |
| 2025-02-28 | CVE-2024-13831 | Deserialization of Untrusted Data vulnerability in Wpbranch Tabs for Woocommerce 1.0.0
The Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input in the 'product_has_custom_tabs' function. | 7.2 |
| 2025-02-28 | CVE-2024-9195 | The WHMPress - WHMCS Client Area plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the update_settings case in the /admin/ajax.php file in all versions up to, and including, 4.3-revision-3. | 8.8 |
| 2025-02-28 | CVE-2025-1572 | SQL Injection vulnerability in Iqonic Kivicare
The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the ‘u_id’ parameter in all versions up to, and including, 3.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
| 2025-02-28 | CVE-2024-13796 | Information Exposure vulnerability in Pickplugins Post Grid
The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the /wp-json/post-grid/v2/get_users REST API This makes it possible for unauthenticated attackers to extract sensitive data including including emails and other user data. | 7.5 |
| 2025-02-28 | CVE-2025-0975 | IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters. | 8.8 |
| 2025-02-28 | CVE-2024-12811 | The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotel_alone_slider' shortcode 'style' attribute. | 8.8 |
| 2025-02-28 | CVE-2025-1682 | The Cardealer theme for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.4 due to missing capability check on the 'save_settings' function. | 8.8 |
| 2025-02-28 | CVE-2025-1687 | The Cardealer theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.4. | 8.8 |