Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-02-18 | CVE-2025-26616 | Improper Access Control vulnerability in Wegia 3.2.13. WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. | 7.5 |
2025-02-18 | CVE-2024-13636 | Deserialization of Untrusted Data vulnerability in Unitedthemes Brooklyn 4.9.7.6. The Brooklyn theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.9.2 via deserialization of untrusted input in the ot_decode function. | 8.8 |
2025-02-18 | CVE-2024-13681 | Unspecified vulnerability in Undsgn Uncode. The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncode_admin_get_oembed' function in all versions up to, and including, 2.9.1.6. | 7.5 |
2025-02-18 | CVE-2024-13369 | SQL Injection vulnerability in Goodlayers Tour Master. The Tour Master - Tour Booking, Travel, Hotel plugin for WordPress is vulnerable to time-based SQL Injection via the ‘review_id’ parameter in all versions up to, and including, 5.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
2025-02-18 | CVE-2024-13315 | Cross-Site Request Forgery (CSRF) vulnerability in Shopwarden. The Shopwarden – Automated WooCommerce monitoring & testing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.11. | 8.8 |
2025-02-18 | CVE-2024-13622 | Unspecified vulnerability in Imaginate-Solutions File Uploads Addon for Woocommerce. The File Uploads Addon for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the 'uploads' directory. | 7.5 |
2025-02-18 | CVE-2024-13677 | Missing Authorization vulnerability in Istmoplugins GET Bookings WP. The GetBookingsWP – Appointments Booking Calendar Plugin For WordPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.27. | 8.8 |
2025-02-18 | CVE-2024-13684 | Cross-Site Request Forgery (CSRF) vulnerability in Smartzminds Reset. The Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. | 8.1 |
2025-02-18 | CVE-2024-13852 | Cross-Site Request Forgery (CSRF) vulnerability in Backie Option Editor. The Option Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. | 8.8 |
2025-02-17 | CVE-2025-0924 | The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. | 7.2 |