Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-08 | CVE-2024-12854 | The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts 'ggpkg' files that have been uploaded in all versions up to, and including, 2.3.0. | 8.8 |
| 2025-01-08 | CVE-2024-11939 | The Cost Calculator Builder PRO plugin for WordPress is vulnerable to blind time-based SQL Injection via the ‘data’ parameter in all versions up to, and including, 3.2.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2025-01-08 | CVE-2024-9939 | The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. | 7.5 |
| 2025-01-08 | CVE-2024-11270 | Missing Authorization vulnerability in Webinarpress The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the 'sync-import-imgs' function and missing file type validation in all versions up to, and including, 1.33.24. | 8.8 |
| 2025-01-08 | CVE-2024-11816 | Missing Authorization vulnerability in Wpextended Ultimate Wordpress Toolkit The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Remote Code Execution in version 3.0.11. | 8.8 |
| 2025-01-08 | CVE-2024-54121 | Unspecified vulnerability in Huawei Harmonyos 5.0.0 Startup control vulnerability in the ability module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | 7.5 |
| 2025-01-08 | CVE-2024-56448 | Unspecified vulnerability in Huawei Emui and Harmonyos Vulnerability of improper access control in the home screen widget module Impact: Successful exploitation of this vulnerability may affect availability. | 7.5 |
| 2025-01-08 | CVE-2024-56449 | Unspecified vulnerability in Huawei Emui and Harmonyos Privilege escalation vulnerability in the Account module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 |
| 2025-01-08 | CVE-2023-52954 | Incorrect Default Permissions vulnerability in Huawei Emui and Harmonyos Vulnerability of improper permission control in the Gallery module Impact: Successful exploitation of this vulnerability may affect availability. | 7.5 |
| 2025-01-08 | CVE-2023-52955 | Improper Authentication vulnerability in Huawei Emui and Harmonyos Vulnerability of improper authentication in the ANS system service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | 7.5 |