Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2025-03-09 CVE-2025-2132 Injection vulnerability in Ftcms 2.1
A vulnerability classified as critical has been found in ftcms 2.1.
network
low complexity
ftcms CWE-74
7.2
2025-03-09 CVE-2025-2126 Injection vulnerability in JoomlaUX JUX Real Estate 3.4.0
A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla and classified as critical.
network
low complexity
joomlaux CWE-74
8.8
2025-03-09 CVE-2025-2118 A vulnerability was found in Quantico Tecnologia PRMV 6.48.
network
low complexity
CWE-74
7.3
2025-03-08 CVE-2024-11640 Cross-Site Request Forgery (CSRF) vulnerability in E4Jconnect VikRentCar
The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2.
network
low complexity
e4jconnect CWE-352
8.8
2025-03-08 CVE-2024-13882 Unrestricted Upload of File with Dangerous Type vulnerability in Coderevolution Aiomatic
The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aiomatic_generate_featured_image' function in all versions up to, and including, 2.3.8.
network
low complexity
coderevolution CWE-434
8.8
2025-03-08 CVE-2024-13908 Unrestricted Upload of File with Dangerous Type vulnerability in BestWebSoft SMTP
The SMTP by BestWebSoft plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_options' function in all versions up to, and including, 1.1.9.
network
low complexity
bestwebsoft CWE-434
7.2
2025-03-08 CVE-2024-13835 Improper Privilege Management vulnerability in Wpexpertplugins Post Meta Data Manager
The Post Meta Data Manager plugin for WordPress is vulnerable to multisite privilege escalation in all versions up to, and including, 1.4.3.
network
low complexity
wpexpertplugins CWE-269
7.2
2025-03-08 CVE-2024-13890 Code Injection vulnerability in Sksdev Allow PHP Execute 1.0
The Allow PHP Execute plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0.
network
low complexity
sksdev CWE-94
7.2
2025-03-07 CVE-2025-0162 XXE vulnerability in IBM Aspera Shares 1.10.0/1.9.14/1.9.15
IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2025-03-07 CVE-2025-27604 Information Exposure vulnerability in Xwiki Confluence Migrator
XWiki Confluence Migrator Pro helps admins to import Confluence packages into their XWiki instance.
network
low complexity
xwiki CWE-200
7.5