Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-01-30 | CVE-2024-13707 | Cross-Site Request Forgery (CSRF) vulnerability in Ivanm WP Image Uploader: The WP Image Uploader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. | 8.1 |
2025-01-30 | CVE-2025-0861 | SQL Injection vulnerability in Vruiz Vr-Frases: The VR-Frases (collect & share quotes) plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 3.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.2 |
2025-01-30 | CVE-2025-21107 | Unquoted Search Path or Element vulnerability in Dell Networker: Dell NetWorker, versions prior to 19.11.0.3 and all versions of 19.10 and prior, contains an Unquoted Search Path or Element vulnerability. | 7.8 |
2025-01-30 | CVE-2024-13694 | Authorization Bypass Through User-Controlled Key vulnerability in Moreconvert Woocommerce Wishlist 1.7.2: The WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.8.7 via the download_pdf_file() function due to missing validation on a user-controlled key. | 7.5 |
2025-01-30 | CVE-2025-0849 | Unspecified vulnerability in Campcodes School Management Software 1.0: A vulnerability classified as critical has been found in CampCodes School Management Software 1.0. | 8.1 |
2025-01-29 | CVE-2025-21396 | Unspecified vulnerability in Microsoft Account: Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network. | 8.2 |
2025-01-29 | CVE-2025-21415 | Authentication Bypass by Spoofing vulnerability in Microsoft Azure AI Face Service: Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network. | 8.8 |
2025-01-29 | CVE-2025-0841 | A vulnerability has been found in Aridius XYZ up to 20240927 on OpenCart and classified as critical. | 7.3 |
2025-01-29 | CVE-2025-0840 | Stack-based Buffer Overflow vulnerability in GNU Binutils: A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. | 7.5 |
2025-01-29 | CVE-2024-13696 | The Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wishlist_name’ parameter in all versions up to, and including, 1.2.25 due to insufficient input sanitization and output escaping. | 7.2 |