Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-01-30 | CVE-2024-13646 | Unspecified vulnerability in Aakashbhagat Single User Chat: The Single-user-chat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the 'single_user_chat_update_login' function in all versions up to, and including, 0.5. | 8.1 |
2025-01-30 | CVE-2024-13671 | Unspecified vulnerability in Partitionnumerique Music Sheet Viewer: The Music Sheet Viewer plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.1 via the read_score_file() function. | 7.5 |
2025-01-30 | CVE-2024-13707 | Cross-Site Request Forgery (CSRF) vulnerability in Ivanm WP Image Uploader: The WP Image Uploader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. | 8.1 |
2025-01-30 | CVE-2025-0861 | SQL Injection vulnerability in Vruiz Vr-Frases: The VR-Frases (collect & share quotes) plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 3.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.2 |
2025-01-30 | CVE-2025-21107 | Unquoted Search Path or Element vulnerability in Dell Networker: Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. | 7.8 |
2025-01-30 | CVE-2024-13694 | Authorization Bypass Through User-Controlled Key vulnerability in Moreconvert Woocommerce Wishlist 1.7.2: The WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.8.7 via the download_pdf_file() function due to missing validation on a user controlled key. | 7.5 |
2025-01-30 | CVE-2025-0849 | Unspecified vulnerability in Campcodes School Management Software 1.0: A vulnerability classified as critical has been found in CampCodes School Management Software 1.0. | 8.1 |
2025-01-29 | CVE-2025-21396 | Unspecified vulnerability in Microsoft Account: Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network. | 8.2 |
2025-01-29 | CVE-2025-21415 | Authentication Bypass by Spoofing vulnerability in Microsoft Azure AI Face Service: Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network. | 8.8 |
2025-01-29 | CVE-2025-0841 | A vulnerability has been found in Aridius XYZ up to 20240927 on OpenCart and classified as critical. | 7.3 |