Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-02-28 | CVE-2024-13796 | Information Exposure vulnerability in Pickplugins Post Grid. The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the /wp-json/post-grid/v2/get_users REST API. This makes it possible for unauthenticated attackers to extract sensitive data including emails and other user data. | 7.5 |
2025-02-28 | CVE-2025-0975 | IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters. | 8.8 |
2025-02-28 | CVE-2024-12811 | The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotel_alone_slider' shortcode 'style' attribute. | 8.8 |
2025-02-28 | CVE-2025-1682 | The Cardealer theme for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.4 due to missing capability check on the 'save_settings' function. | 8.8 |
2025-02-28 | CVE-2025-1687 | The Cardealer theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.4. | 8.8 |
2025-02-27 | CVE-2025-1755 | Untrusted Search Path vulnerability in multiple products. MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. | 7.8 |
2025-02-27 | CVE-2025-1756 | Untrusted Search Path vulnerability in multiple products. mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules\. | 7.8 |
2025-02-27 | CVE-2024-9334 | Use of Hard-coded Credentials, Storage of Sensitive Data in a Mechanism without Access Control vulnerability in E-Kent Pallium Vehicle Tracking allows Authentication Bypass. This issue affects Pallium Vehicle Tracking: before 17.10.2024. | 8.2 |
2025-02-27 | CVE-2025-1282 | Path Traversal vulnerability in Thememakers CAR Dealer Automotive. The Car Dealer Automotive WordPress Theme – Responsive theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_post_photo() and add_car() functions in all versions up to, and including, 1.6.3. | 8.8 |
2025-02-27 | CVE-2025-1717 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Pluginly Login ME NOW. The Login Me Now plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.2. | 8.1 |