Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2025-03-07 CVE-2024-12036 The CS Framework plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.9 via the get_widget_settings_json() function.
network
low complexity
CWE-73
7.5
7.5
2025-03-07 CVE-2024-9658 Authentication Bypass Using an Alternate Path or Channel vulnerability in Dasinfomedia School Management System
The School Management System for Wordpress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 93.0.0.
network
low complexity
dasinfomedia CWE-288
8.8
8.8
2025-03-07 CVE-2024-13906 The Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.7.3 via deserialization of untrusted input in the 'import_gallery_from_csv' function.
network
low complexity
CWE-502
7.2
7.2
2025-03-07 CVE-2025-1309 The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the uip_save_form_as_option() function in all versions up to, and including, 3.5.04.
network
low complexity
CWE-862
8.8
8.8
2025-03-07 CVE-2024-13320 The CURCY - WooCommerce Multi Currency - Currency Switcher plugin for WordPress is vulnerable to SQL Injection via the 'wc_filter_price_meta[where]' parameter in all versions up to, and including, 2.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
7.5
7.5
2025-03-07 CVE-2024-13655 The Flex Mag - Responsive WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanel_of_ajax_callback() function in all versions up to, and including, 3.5.2.
network
low complexity
CWE-862
8.1
8.1
2025-03-07 CVE-2025-0749 The Homey theme for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.3.
network
high complexity
CWE-288
8.1
8.1
2025-03-07 CVE-2025-2054 Injection vulnerability in Code-Projects Blood Bank Management System 1.0
A vulnerability was found in code-projects Blood Bank Management System 1.0.
network
low complexity
code-projects CWE-74
7.2
7.2
2025-03-07 CVE-2025-2051 Injection vulnerability in PHPgurukul Apartment Visitors Management System 1.0
A vulnerability has been found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical.
network
low complexity
phpgurukul CWE-74
8.8
8.8
2025-03-07 CVE-2025-2052 Injection vulnerability in PHPgurukul Apartment Visitors Management System 1.0
A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical.
network
low complexity
phpgurukul CWE-74
8.8
8.8