Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-02-19 | CVE-2024-13489 | SQL Injection vulnerability in Eniture LTL Freight Quotes: The LTL Freight Quotes – Old Dominion Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
2025-02-19 | CVE-2025-1132 | SQL Injection vulnerability in ChurchCRM: A time-based blind SQL Injection vulnerability exists in the ChurchCRM 5.13.0 and prior EditEventAttendees.php within the EN_tyid parameter. | 8.8 |
2025-02-19 | CVE-2025-1133 | SQL Injection vulnerability in ChurchCRM: A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based blind SQL Injection vulnerability in the EditEventAttendees functionality. | 7.2 |
2025-02-19 | CVE-2025-1134 | SQL Injection vulnerability in ChurchCRM: A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the DonatedItemEditor functionality. | 7.2 |
2025-02-19 | CVE-2025-1135 | SQL Injection vulnerability in ChurchCRM: A vulnerability exists in ChurchCRM 5.13.0. | 7.2 |
2025-02-19 | CVE-2024-13468 | The Trash Duplicate and 301 Redirect plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'duplicates-action-top' action in all versions up to, and including, 1.9. | 7.5 |
2025-02-19 | CVE-2024-13592 | The Team Builder For WPBakery Page Builder (Formerly Visual Composer) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0 via the 'team-builder-vc' shortcode. | 7.5 |
2025-02-19 | CVE-2025-1441 | Cross-Site Request Forgery (CSRF) vulnerability in Royal-Elementor-Addons Royal Elementor Addons: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1007. | 8.8 |
2025-02-19 | CVE-2024-11582 | The Subscribe2 – Form, Email Subscribers & Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ip parameter in all versions up to, and including, 10.43 due to insufficient input sanitization and output escaping. | 7.2 |
2025-02-19 | CVE-2025-1448 | A vulnerability was found in Synway SMG Gateway Management Software up to 20250204. | 7.3 |