Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-19 | CVE-2025-1441 | Cross-Site Request Forgery (CSRF) vulnerability in Royal-Elementor-Addons Royal Elementor Addons: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1007. (network; low complexity; royal-elementor-addons CWE-352) | 8.8 |
| 2025-02-19 | CVE-2024-11582 | The Subscribe2 – Form, Email Subscribers & Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ip parameter in all versions up to, and including, 10.43 due to insufficient input sanitization and output escaping. (network; low complexity; CWE-79) | 7.2 |
| 2025-02-19 | CVE-2025-1448 | A vulnerability was found in Synway SMG Gateway Management Software up to 20250204. (network; low complexity; CWE-74) | 7.3 |
| 2025-02-18 | CVE-2025-27113 | Unspecified vulnerability in Xmlsoft Libxml2: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c. (network; low complexity; xmlsoft) | 7.5 |
| 2025-02-18 | CVE-2025-26605 | Unspecified vulnerability in Wegia: WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. (network; low complexity; wegia) | 8.8 |
| 2025-02-18 | CVE-2025-26614 | SQL Injection vulnerability in Wegia 3.2.13: WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. (network; low complexity; wegia CWE-89) | 8.8 |
| 2025-02-18 | CVE-2025-26615 | Improper Access Control vulnerability in Wegia 3.2.13: WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. (network; low complexity; wegia CWE-284) | 7.5 |
| 2025-02-18 | CVE-2025-26616 | Improper Access Control vulnerability in Wegia 3.2.13: WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. (network; low complexity; wegia CWE-284) | 7.5 |
| 2025-02-18 | CVE-2024-13636 | Deserialization of Untrusted Data vulnerability in Unitedthemes Brooklyn 4.9.7.6: The Brooklyn theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.9.2 via deserialization of untrusted input in the ot_decode function. (network; low complexity; unitedthemes CWE-502) | 8.8 |
| 2025-02-18 | CVE-2024-13681 | Unspecified vulnerability in Undsgn Uncode: The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncode_admin_get_oembed' function in all versions up to, and including, 2.9.1.6. (network; low complexity; undsgn) | 7.5 |