Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-12 | CVE-2024-13600 | Unspecified vulnerability in Majesticsupport Majestic Support The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the 'majesticsupportdata' directory. | 7.5 |
| 2025-02-12 | CVE-2024-13714 | The All-Images.ai – IA Image Bank and Custom Image creation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the '_get_image_by_url' function in all versions up to, and including, 1.0.4. | 8.8 |
| 2025-02-12 | CVE-2024-13653 | Missing Authorization vulnerability in Mvpthemes Zoxpress The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backup_options' function in all versions up to, and including, 2.12.0. | 8.8 |
| 2025-02-12 | CVE-2024-13654 | Missing Authorization vulnerability in Mvpthemes Zoxpress The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'reset_options' function in all versions up to, and including, 2.12.0. | 8.1 |
| 2025-02-12 | CVE-2024-13656 | Missing Authorization vulnerability in Mvpthemes Click MAG The Click Mag - Viral WordPress News Magazine/Blog Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanel_of_ajax_callback() function in all versions up to, and including, 3.6.0. | 8.1 |
| 2025-02-12 | CVE-2024-13800 | Missing Authorization vulnerability in Convertplug Convertplus The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cp_dismiss_notice' AJAX endpoint in all versions up to, and including, 3.5.30. | 8.1 |
| 2025-02-11 | CVE-2024-12547 | Out-of-bounds Write vulnerability in Tungstenautomation Power PDF Tungsten Automation Power PDF JPF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. | 8.8 |
| 2025-02-11 | CVE-2024-12549 | Out-of-bounds Read vulnerability in Tungstenautomation Power PDF Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. | 7.8 |
| 2025-02-11 | CVE-2024-12550 | Out-of-bounds Read vulnerability in Tungstenautomation Power PDF Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. | 7.8 |
| 2025-02-11 | CVE-2024-12551 | Out-of-bounds Read vulnerability in Tungstenautomation Power PDF Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. | 7.8 |