| 2025-02-18 | CVE-2024-13848 | Cross-site Scripting vulnerability in Jakob42 Reaction Buttons
The Reaction Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. | 4.8 |
| 2025-02-18 | CVE-2025-0796 | Cross-Site Request Forgery (CSRF) vulnerability in Kevinbrent Wprequal
The Mortgage Lead Capture System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.2.10. | 4.3 |
| 2025-02-18 | CVE-2025-0805 | Cross-site Scripting vulnerability in Mlcalc Mortgage Loan Calculator
The Mortgage Calculator / Loan Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mlcalc' shortcode in all versions up to, and including, 1.5.20 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-18 | CVE-2024-13740 | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.4.2 via the pm_messenger_show_messages function due to missing validation on a user controlled key. | 4.3 |
| 2025-02-18 | CVE-2024-13741 | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Limited Server-Side Request Forgery in all versions up to, and including, 5.9.4.2 via the pm_upload_image function. | 5.4 |
| 2025-02-17 | CVE-2024-13879 | The Stream plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.2 due to insufficient validation on the webhook feature. | 5.5 |
| 2025-02-17 | CVE-2025-1391 | A flaw was found in the Keycloak organization feature, which allows the incorrect assignment of an organization to a user if their username or email matches the organization’s domain pattern. | 5.4 |
| 2025-02-17 | CVE-2025-1374 | A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0. | 6.3 |
| 2025-02-17 | CVE-2025-1372 | A vulnerability was found in GNU elfutils 0.192. | 5.3 |
| 2025-02-17 | CVE-2025-1366 | A vulnerability was found in MicroWord eScan Antivirus 7.0.32 on Linux and classified as critical. | 5.3 |