Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-26 | CVE-2025-1913 | The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.0 via deserialization of untrusted input from the 'form_data' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. (network, low complexity, CWE-502) | 7.2 |
| 2025-03-26 | CVE-2025-2110 | The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on its AJAX functions in all versions up to, and including, 6.30.15. (network, low complexity, CWE-862) | 8.8 |
| 2025-03-26 | CVE-2024-13801 | The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'baf_set_notice_status' AJAX action in all versions up to, and including, 2.1.4. (network, low complexity, CWE-862) | 8.1 |
| 2025-03-26 | CVE-2025-1514 | The Active Products Tables for WooCommerce. (network, low complexity, CWE-20) | 7.3 |
| 2025-03-26 | CVE-2025-2009 | The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the logging functionality in all versions up to, and including, 4.9.9.7 due to insufficient input sanitization and output escaping. (network, low complexity, CWE-79) | 7.2 |
| 2025-03-26 | CVE-2025-2257 | OS Command Injection vulnerability in Boldgrid Total Upkeep. The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the compression_level setting. (network, low complexity, boldgrid, CWE-78) | 7.2 |
| 2025-03-25 | CVE-2025-29789 | Relative Path Traversal vulnerability in Open-Emr Openemr. OpenEMR is a free and open source electronic health records and medical practice management application. (network, low complexity, open-emr, CWE-23) | 7.5 |
| 2025-03-25 | CVE-2024-13690 | The WP Church Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several donation form submission parameters in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. (network, low complexity, CWE-79) | 7.2 |
| 2025-03-25 | CVE-2025-2319 | The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.11.13 to 5.25.08. (network, low complexity, CWE-352) | 8.8 |
| 2025-03-25 | CVE-2025-2717 | OS Command Injection vulnerability in Dlink Dir-823X Firmware 240126/240802. A vulnerability, which was classified as critical, has been found in D-Link DIR-823X 240126/240802. (network, low complexity, dlink, CWE-78) | 7.2 |