Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2025-03-07 CVE-2024-10804 The Ultimate Video Player WordPress & WooCommerce Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 10.0 via the content/downloader.php file.
network
low complexity
CWE-22
7.5
7.5
2025-03-07 CVE-2024-12035 The CS Framework plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the cs_widget_file_delete() function in all versions up to, and including, 6.9.
network
low complexity
CWE-22
8.8
8.8
2025-03-07 CVE-2024-12036 The CS Framework plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.9 via the get_widget_settings_json() function.
network
low complexity
CWE-73
7.5
7.5
2025-03-07 CVE-2024-9658 Authentication Bypass Using an Alternate Path or Channel vulnerability in Dasinfomedia School Management System
The School Management System for Wordpress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 93.0.0.
network
low complexity
dasinfomedia CWE-288
8.8
8.8
2025-03-07 CVE-2024-13906 The Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.7.3 via deserialization of untrusted input in the 'import_gallery_from_csv' function.
network
low complexity
CWE-502
7.2
7.2
2025-03-07 CVE-2025-1309 The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the uip_save_form_as_option() function in all versions up to, and including, 3.5.04.
network
low complexity
CWE-862
8.8
8.8
2025-03-07 CVE-2024-13320 The CURCY - WooCommerce Multi Currency - Currency Switcher plugin for WordPress is vulnerable to SQL Injection via the 'wc_filter_price_meta[where]' parameter in all versions up to, and including, 2.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
7.5
7.5
2025-03-07 CVE-2024-13655 The Flex Mag - Responsive WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanel_of_ajax_callback() function in all versions up to, and including, 3.5.2.
network
low complexity
CWE-862
8.1
8.1
2025-03-07 CVE-2025-2066 A vulnerability has been found in projectworlds Life Insurance Management System 1.0 and classified as critical.
network
low complexity
CWE-74
7.3
7.3
2025-03-07 CVE-2025-2067 A vulnerability was found in projectworlds Life Insurance Management System 1.0 and classified as critical.
network
low complexity
CWE-74
7.3
7.3