VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> High
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-03-07
CVE-2024-12036
The CS Framework plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.9 via the get_widget_settings_json() function.
network
low complexity
CWE-73
7.5
7.5
2025-03-07
CVE-2024-9658
Authentication Bypass Using an Alternate Path or Channel vulnerability in Dasinfomedia School Management System
The School Management System for Wordpress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 93.0.0.
network
low complexity
dasinfomedia
CWE-288
8.8
8.8
2025-03-07
CVE-2024-13906
The Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.7.3 via deserialization of untrusted input in the 'import_gallery_from_csv' function.
network
low complexity
CWE-502
7.2
7.2
2025-03-07
CVE-2025-1309
The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the uip_save_form_as_option() function in all versions up to, and including, 3.5.04.
network
low complexity
CWE-862
8.8
8.8
2025-03-07
CVE-2024-13320
The CURCY - WooCommerce Multi Currency - Currency Switcher plugin for WordPress is vulnerable to SQL Injection via the 'wc_filter_price_meta[where]' parameter in all versions up to, and including, 2.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
7.5
7.5
2025-03-07
CVE-2024-13655
The Flex Mag - Responsive WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanel_of_ajax_callback() function in all versions up to, and including, 3.5.2.
network
low complexity
CWE-862
8.1
8.1
2025-03-07
CVE-2025-0749
The Homey theme for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.3.
network
high complexity
CWE-288
8.1
8.1
2025-03-07
CVE-2025-2054
Injection vulnerability in Code-Projects Blood Bank Management System 1.0
A vulnerability was found in code-projects Blood Bank Management System 1.0.
network
low complexity
code-projects
CWE-74
7.2
7.2
2025-03-07
CVE-2025-2051
Injection vulnerability in PHPgurukul Apartment Visitors Management System 1.0
A vulnerability has been found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical.
network
low complexity
phpgurukul
CWE-74
8.8
8.8
2025-03-07
CVE-2025-2052
Injection vulnerability in PHPgurukul Apartment Visitors Management System 1.0
A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical.
network
low complexity
phpgurukul
CWE-74
8.8
8.8
«
Previous
1
2
...
120
121
122
(current)
123
124
...
6897
6898
»
Next