Weekly Vulnerabilities Reports > December 30, 2024 to January 5, 2025
Overview
164 new vulnerabilities were reported during this period, including 27 critical vulnerabilities and 49 high severity vulnerabilities. This weekly summary reports vulnerabilities in 80 products from 60 vendors including Code Projects, Phpgurukul, IBM, Ashlar, and Dlink. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Missing Authorization", "Cross-Site Request Forgery (CSRF)", and "Out-of-bounds Write".
- 148 reported vulnerabilities are remotely exploitable.
- 86 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 80 reported vulnerabilities are exploitable by an anonymous user.
- Code Projects has the most reported vulnerabilities, with 24 reported vulnerabilities.
- Code Projects has the most reported critical vulnerabilities, with 6 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
27 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2025-01-04 | CVE-2024-12583 | | The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. | 9.9 |
2025-01-05 | CVE-2025-0233 | Codezips | SQL Injection vulnerability in Codezips Project Management System 1.0 A vulnerability was found in Codezips Project Management System 1.0. | 9.8 |
2025-01-05 | CVE-2025-0230 | Fabianros | SQL Injection vulnerability in Fabianros Responsive Hotel Site 1.0 A vulnerability, which was classified as critical, was found in code-projects Responsive Hotel Site 1.0. | 9.8 |
2025-01-05 | CVE-2025-0229 | Fabianros | SQL Injection vulnerability in Fabianros Travel Management System 1.0 A vulnerability, which was classified as critical, has been found in code-projects Travel Management System 1.0. | 9.8 |
2025-01-05 | CVE-2024-13136 | Wangl1989 | Deserialization of Untrusted Data vulnerability in Wangl1989 Mysiteforme 1.0 A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. | 9.8 |
2025-01-04 | CVE-2025-0213 | Campcodes | Unrestricted Upload of File with Dangerous Type vulnerability in Campcodes Project Management System 1.0 A vulnerability was found in Campcodes Project Management System 1.0. | 9.8 |
2025-01-04 | CVE-2025-0212 | Campcodes | SQL Injection vulnerability in Campcodes Student Grading System 1.0 A vulnerability was found in Campcodes Student Grading System 1.0. | 9.8 |
2025-01-04 | CVE-2025-0211 | Campcodes | Unspecified vulnerability in Campcodes School Faculty Scheduling System 1.0 A vulnerability was found in Campcodes School Faculty Scheduling System 1.0 and classified as critical. | 9.8 |
2025-01-04 | CVE-2025-0210 | Campcodes | SQL Injection vulnerability in Campcodes School Faculty Scheduling System 1.0 A vulnerability has been found in Campcodes School Faculty Scheduling System 1.0 and classified as critical. | 9.8 |
2025-01-04 | CVE-2025-0207 | Code Projects | SQL Injection vulnerability in Code-Projects Online Shoe Store 1.0 A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. | 9.8 |
2025-01-04 | CVE-2025-0208 | Code Projects | SQL Injection vulnerability in Code-Projects Online Shoe Store 1.0 A vulnerability, which was classified as critical, was found in code-projects Online Shoe Store 1.0. | 9.8 |
2025-01-04 | CVE-2025-0205 | Code Projects | SQL Injection vulnerability in Code-Projects Online Shoe Store 1.0 A vulnerability classified as critical has been found in code-projects Online Shoe Store 1.0. | 9.8 |
2025-01-04 | CVE-2025-0204 | Code Projects | SQL Injection vulnerability in Code-Projects Online Shoe Store 1.0 A vulnerability was found in code-projects Online Shoe Store 1.0. | 9.8 |
2025-01-04 | CVE-2025-0203 | Code Projects | SQL Injection vulnerability in Code-Projects Student Management System 1.0 A vulnerability was found in code-projects Student Management System 1.0. | 9.8 |
2025-01-02 | CVE-2022-45830 | Analytify | Missing Authorization vulnerability in Analytify - Google Analytics Dashboard Missing Authorization vulnerability in Analytify.This issue affects Analytify: from n/a through 4.2.3. | 9.8 |
2025-01-02 | CVE-2023-47183 | Givewp | Missing Authorization vulnerability in Givewp Missing Authorization vulnerability in GiveWP GiveWP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GiveWP: from n/a through 2.33.1. | 9.8 |
2025-01-02 | CVE-2023-47188 | Presstigers | Missing Authorization vulnerability in Presstigers Simple JOB Board Missing Authorization vulnerability in PressTigers Simple Job Board allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Job Board: from n/a through 2.10.5. | 9.8 |
2024-12-31 | CVE-2024-13085 | Phpgurukul | SQL Injection vulnerability in PHPgurukul Land Record System 1.0 A vulnerability, which was classified as critical, has been found in PHPGurukul Land Record System 1.0. | 9.8 |
2024-12-31 | CVE-2024-13084 | Phpgurukul | SQL Injection vulnerability in PHPgurukul Land Record System 1.0 A vulnerability classified as critical was found in PHPGurukul Land Record System 1.0. | 9.8 |
2024-12-31 | CVE-2024-13072 | 1000Projects | SQL Injection vulnerability in 1000Projects Beauty Parlour Management System 1.0 A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. | 9.8 |
2024-12-30 | CVE-2024-56801 | Infotel | SQL Injection vulnerability in Infotel Tasklists Tasklists provides plugin tasklists for GLPI. | 9.8 |
2024-12-30 | CVE-2024-13037 | 1000Projects | SQL Injection vulnerability in 1000Projects Attendance Tracking Management System 1.0 A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. | 9.8 |
2024-12-30 | CVE-2024-13038 | Codeastro | Unspecified vulnerability in Codeastro Simple Loan Management System 1.0 A vulnerability was found in CodeAstro Simple Loan Management System 1.0. | 9.8 |
2024-12-30 | CVE-2024-13035 | Code Projects | SQL Injection vulnerability in Code-Projects Chat System 1.0 A vulnerability has been found in code-projects Chat System 1.0 and classified as critical. | 9.8 |
2024-12-31 | CVE-2024-12108 | Progress | Authentication Bypass by Spoofing vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API. | 9.6 |
2025-01-03 | CVE-2025-21609 | B3Log | Incomplete Cleanup vulnerability in B3Log Siyuan 3.1.18 SiYuan is self-hosted, open source personal knowledge management software. | 9.1 |
2024-12-30 | CVE-2024-22063 | ZTE | Improper Neutralization of Formula Elements in a CSV File vulnerability in ZTE Zenic ONE R58 The ZENIC ONE R58 products by ZTE Corporation have a command injection vulnerability. | 9.0 |
49 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2025-01-05 | CVE-2025-0231 | Codezips | SQL Injection vulnerability in Codezips GYM Management System 1.0 A vulnerability has been found in Codezips Gym Management System 1.0 and classified as critical. | 8.8 |
2025-01-05 | CVE-2025-0232 | Codezips | SQL Injection vulnerability in Codezips Blood Bank Management System 1.0 A vulnerability was found in Codezips Blood Bank Management System 1.0 and classified as critical. | 8.8 |
2025-01-05 | CVE-2024-13138 | Wangl1989 | Unrestricted Upload of File with Dangerous Type vulnerability in Wangl1989 Mysiteforme 1.0 A vulnerability was found in wangl1989 mysiteforme 1.0. | 8.8 |
2025-01-05 | CVE-2024-13139 | Wangl1989 | Server-Side Request Forgery (SSRF) vulnerability in Wangl1989 Mysiteforme 1.0 A vulnerability was found in wangl1989 mysiteforme 1.0. | 8.8 |
2025-01-04 | CVE-2025-0206 | Code Projects | Unspecified vulnerability in Code-Projects Online Shoe Store 1.0 A vulnerability classified as critical was found in code-projects Online Shoe Store 1.0. | 8.8 |
2025-01-04 | CVE-2024-10932 | | The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function. | 8.8 |
2025-01-02 | CVE-2024-39623 | Cridio | Cross-Site Request Forgery (CSRF) vulnerability in Cridio Listingpro Cross-Site Request Forgery (CSRF) vulnerability in CridioStudio ListingPro allows Authentication Bypass.This issue affects ListingPro: from n/a through 2.9.4. | 8.8 |
2025-01-02 | CVE-2023-45760 | Gvectors | Missing Authorization vulnerability in Gvectors Wpdiscuz Missing Authorization vulnerability in gVectors Team wpDiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through 7.6.3. | 8.8 |
2025-01-02 | CVE-2024-37093 | Stylemixthemes | Cross-Site Request Forgery (CSRF) vulnerability in Stylemixthemes Masterstudy LMS Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes MasterStudy LMS allows Cross Site Request Forgery.This issue affects MasterStudy LMS: from n/a through 3.2.1. | 8.8 |
2025-01-02 | CVE-2024-37469 | Creativethemes | Cross-Site Request Forgery (CSRF) vulnerability in Creativethemes Blocksy Cross-Site Request Forgery (CSRF) vulnerability in CreativeThemes Blocksy allows Cross Site Request Forgery.This issue affects Blocksy: from n/a through 2.0.22. | 8.8 |
2025-01-02 | CVE-2024-56266 | Sonaar | Missing Authorization vulnerability in Sonaar MP3 Audio Player for Music, Radio & Podcast Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.8. | 8.8 |
2024-12-31 | CVE-2024-13079 | Phpgurukul | SQL Injection vulnerability in PHPgurukul Land Record System 1.0 A vulnerability was found in PHPGurukul Land Record System 1.0 and classified as critical. | 8.8 |
2024-12-31 | CVE-2024-13078 | Phpgurukul | SQL Injection vulnerability in PHPgurukul Land Record System 1.0 A vulnerability has been found in PHPGurukul Land Record System 1.0 and classified as critical. | 8.8 |
2024-12-31 | CVE-2024-13070 | Codeastro | Injection vulnerability in Codeastro Online Food Ordering System 1.0 A vulnerability was found in CodeAstro Online Food Ordering System 1.0. | 8.8 |
2024-12-31 | CVE-2024-56225 | Leap13 | Missing Authorization vulnerability in Leap13 Premium Addons for Elementor Missing Authorization vulnerability in Leap13 Premium Addons for Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Premium Addons for Elementor: from n/a through 4.10.56. | 8.8 |
2024-12-31 | CVE-2024-12838 | | The passwordless login mechanism in CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability, allowing remote attackers with regular privileges to send a crafted request to switch to the identity of any user, including administrators. | 8.8 |
2024-12-31 | CVE-2024-12839 | | The login mechanism via device authentication of CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability. | 8.8 |
2024-12-31 | CVE-2024-13040 | | The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key vulnerability. | 8.8 |
2024-12-30 | CVE-2024-13039 | Code Projects | Injection vulnerability in Code-Projects Simple Chat System 1.0 A vulnerability was found in code-projects Simple Chat System 1.0. | 8.8 |
2025-01-02 | CVE-2024-55540 | Acronis | Uncontrolled Search Path Element vulnerability in Acronis Cyber Protect 15/16 Local privilege escalation due to DLL hijacking vulnerability. | 7.8 |
2025-01-02 | CVE-2024-55543 | Acronis | Uncontrolled Search Path Element vulnerability in Acronis Cyber Protect 15/16 Local privilege escalation due to DLL hijacking vulnerability. | 7.8 |
2024-12-30 | CVE-2024-13043 | Watchguard | Link Following vulnerability in Watchguard Panda Dome 22.02.01 Panda Security Dome Link Following Local Privilege Escalation Vulnerability. | 7.8 |
2024-12-30 | CVE-2024-13044 | Ashlar | Out-of-bounds Write vulnerability in Ashlar Cobalt 1204.90 Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. | 7.8 |
2024-12-30 | CVE-2024-13045 | Ashlar | Out-of-bounds Write vulnerability in Ashlar Cobalt 1204.90 Ashlar-Vellum Cobalt AR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. | 7.8 |
2024-12-30 | CVE-2024-13046 | Ashlar | Out-of-bounds Write vulnerability in Ashlar Cobalt 1204.90 Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. | 7.8 |
2024-12-30 | CVE-2024-13047 | Ashlar | Type Confusion vulnerability in Ashlar Cobalt 1204.90 Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability. | 7.8 |
2024-12-30 | CVE-2024-13048 | Ashlar | Out-of-bounds Write vulnerability in Ashlar Cobalt 1204.90 Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. | 7.8 |
2024-12-30 | CVE-2024-13049 | Ashlar | Type Confusion vulnerability in Ashlar Cobalt 1204.90 Ashlar-Vellum Cobalt XE File Parsing Type Confusion Remote Code Execution Vulnerability. | 7.8 |
2024-12-30 | CVE-2024-13050 | Ashlar | Out-of-bounds Write vulnerability in Ashlar Graphite 13.0.48 Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. | 7.8 |
2024-12-30 | CVE-2024-13051 | Ashlar | Out-of-bounds Write vulnerability in Ashlar Graphite 13.0.48 Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. | 7.8 |
2024-12-31 | CVE-2024-45497 | | A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. | 7.6 |
2024-12-30 | CVE-2024-13034 | Code Projects | Cross-site Scripting vulnerability in Code-Projects Chat System 1.0 A vulnerability, which was classified as problematic, was found in code-projects Chat System 1.0. | 7.6 |
2025-01-04 | CVE-2024-41763 | IBM | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2025-01-04 | CVE-2024-41766 | IBM | Unspecified vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression. | 7.5 |
2025-01-03 | CVE-2025-0176 | Code Projects | SQL Injection vulnerability in Code-Projects Point of Sales and Inventory Management System 1.0 A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0. | 7.5 |
2025-01-02 | CVE-2025-0173 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Online Eyewear Shop 1.0 A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 and classified as critical. | 7.5 |
2025-01-02 | CVE-2025-0172 | Code Projects | SQL Injection vulnerability in Code-Projects Chat System 1.0 A vulnerability has been found in code-projects Chat System 1.0 and classified as critical. | 7.5 |
2025-01-02 | CVE-2025-0171 | Code Projects | SQL Injection vulnerability in Code-Projects Chat System 1.0 A vulnerability, which was classified as critical, was found in code-projects Chat System 1.0. | 7.5 |
2025-01-02 | CVE-2024-13092 | Code Projects | SQL Injection vulnerability in Code-Projects JOB Recruitment 1.0 A vulnerability classified as critical was found in code-projects Job Recruitment 1.0. | 7.5 |
2025-01-02 | CVE-2024-13093 | Code Projects | SQL Injection vulnerability in Code-Projects JOB Recruitment 1.0 A vulnerability, which was classified as critical, has been found in code-projects Job Recruitment 1.0. | 7.5 |
2025-01-01 | CVE-2025-0168 | Anisha | SQL Injection vulnerability in Anisha JOB Recruitment 1.0 A vulnerability classified as critical has been found in code-projects Job Recruitment 1.0. | 7.5 |
2024-12-31 | CVE-2023-6603 | | A flaw was found in FFmpeg's HLS playlist parsing. | 7.5 |
2024-12-31 | CVE-2024-12106 | Progress | Missing Authentication for Critical Function vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings. | 7.5 |
2024-12-30 | CVE-2024-13036 | Fabianros | SQL Injection vulnerability in Fabianros Chat System 1.0 A vulnerability was found in code-projects Chat System 1.0 and classified as critical. | 7.5 |
2025-01-04 | CVE-2024-41767 | IBM | SQL Injection vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is vulnerable to SQL injection. | 7.3 |
2025-01-03 | CVE-2024-11733 | | The WordPress Popular Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.1.0. | 7.3 |
2025-01-02 | CVE-2023-46309 | Gvectors | Missing Authorization vulnerability in Gvectors Wpdiscuz Missing Authorization vulnerability in gVectors Team wpDiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through 7.6.10. | 7.3 |
2025-01-02 | CVE-2024-56247 | Afthemes | SQL Injection vulnerability in Afthemes WP Post Author Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AF themes WP Post Author allows SQL Injection.This issue affects WP Post Author: from n/a through 3.8.2. | 7.2 |
2024-12-30 | CVE-2024-54181 | IBM | OS Command Injection vulnerability in IBM Websphere Automation 1.7.5 IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. | 7.2 |
88 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2025-01-04 | CVE-2024-41765 | IBM | Path Traversal vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. | 6.5 |
2025-01-04 | CVE-2024-41768 | IBM | Missing Standardized Error Handling Mechanism vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure state. | 6.5 |
2025-01-04 | CVE-2024-12195 | Wedevs | SQL Injection vulnerability in Wedevs WP Project Manager The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to SQL Injection via the 'project_id' parameter of the /wp-json/pm/v2/projects/2/task-lists REST API endpoint in all versions up to, and including, 2.6.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2025-01-04 | CVE-2025-0201 | Code Projects | SQL Injection vulnerability in Code-Projects Point of Sales and Inventory Management System 1.0 A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical. | 6.5 |
2025-01-04 | CVE-2025-0200 | Code Projects | SQL Injection vulnerability in Code-Projects Point of Sales and Inventory Management System 1.0 A vulnerability has been found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical. | 6.5 |
2025-01-03 | CVE-2025-0199 | Code Projects | SQL Injection vulnerability in Code-Projects Point of Sales and Inventory Management System 1.0 A vulnerability, which was classified as critical, was found in code-projects Point of Sales and Inventory Management System 1.0. | 6.5 |
2025-01-03 | CVE-2025-0198 | Code Projects | SQL Injection vulnerability in Code-Projects Point of Sales and Inventory Management System 1.0 A vulnerability, which was classified as critical, has been found in code-projects Point of Sales and Inventory Management System 1.0. | 6.5 |
2025-01-03 | CVE-2025-0197 | Code Projects | SQL Injection vulnerability in Code-Projects Point of Sales and Inventory Management System 1.0 A vulnerability classified as critical was found in code-projects Point of Sales and Inventory Management System 1.0. | 6.5 |
2025-01-03 | CVE-2025-0196 | Code Projects | SQL Injection vulnerability in Code-Projects Point of Sales and Inventory Management System 1.0 A vulnerability classified as critical has been found in code-projects Point of Sales and Inventory Management System 1.0. | 6.5 |
2025-01-03 | CVE-2025-0195 | Code Projects | SQL Injection vulnerability in Code-Projects Point of Sales and Inventory Management System 1.0 A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0. | 6.5 |
2025-01-03 | CVE-2025-0174 | Code Projects | SQL Injection vulnerability in Code-Projects Point of Sales and Inventory Management System 1.0 A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0. | 6.5 |
2024-12-31 | CVE-2024-12105 | Progress | Path Traversal vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure. | 6.5 |
2024-12-31 | CVE-2024-56216 | Themify | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Themify Builder Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themify Themify Builder allows PHP Local File Inclusion.This issue affects Themify Builder: from n/a through 7.6.3. | 6.5 |
2024-12-31 | CVE-2024-56217 | W3Eden | Missing Authorization vulnerability in W3Eden Download Manager Missing Authorization vulnerability in W3 Eden, Inc. | 6.3 |
2025-01-04 | CVE-2024-12279 | | The WP Social AutoConnect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.2. | 6.1 |
2025-01-04 | CVE-2024-12221 | | The Turnkey bbPress by WeaverTheme plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the '_wpnonce' parameter in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. | 6.1 |
2025-01-04 | CVE-2024-11974 | Davidlingren | Cross-site Scripting vulnerability in Davidlingren Media Library Assistant The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'smc_settings_tab', 'unattachfixit-action', and 'woofixit-action' parameters in all versions up to, and including, 3.23 due to insufficient input sanitization and output escaping. | 6.1 |
2025-01-04 | CVE-2024-12047 | | The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'custom_server' parameter in all versions up to, and including, 6.30.03 due to insufficient input sanitization and output escaping. | 6.1 |
2025-01-04 | CVE-2024-12701 | | The WP Smart Import : Import any XML File to WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ' page' parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. | 6.1 |
2025-01-03 | CVE-2025-0175 | Anisha | Cross-site Scripting vulnerability in Anisha Online Shop 1.0 A vulnerability was found in code-projects Online Shop 1.0. | 6.1 |
2025-01-02 | CVE-2024-55541 | Acronis | Cross-site Scripting vulnerability in Acronis Cyber Protect 15/16 Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. | 6.1 |
2024-12-31 | CVE-2024-13082 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Land Record System 1.0 A vulnerability was found in PHPGurukul Land Record System 1.0. | 6.1 |
2024-12-31 | CVE-2024-56226 | Royal Elementor Addons | Cross-site Scripting vulnerability in Royal-Elementor-Addons Royal Elementor Addons Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Reflected XSS.This issue affects Royal Elementor Addons: from n/a through 1.7.1001. | 6.1 |
2024-12-30 | CVE-2024-13033 | Code Projects | Cross-site Scripting vulnerability in Code-Projects Chat System 1.0 A vulnerability, which was classified as problematic, has been found in code-projects Chat System 1.0. | 6.1 |
2025-01-05 | CVE-2025-0222 | IObit | NULL Pointer Dereference vulnerability in IObit Protected Folder A vulnerability was found in IObit Protected Folder up to 13.6.0.5 and classified as problematic. | 5.5 |
2025-01-05 | CVE-2025-0223 | IObit | NULL Pointer Dereference vulnerability in IObit Protected Folder A vulnerability was found in IObit Protected Folder up to 13.6.0.5. | 5.5 |
2025-01-05 | CVE-2025-0221 | IObit | NULL Pointer Dereference vulnerability in IObit Protected Folder A vulnerability has been found in IObit Protected Folder up to 1.3.0 and classified as problematic. | 5.5 |
2025-01-02 | CVE-2022-49035 | Linux | Allocation of Resources Without Limits or Throttling vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE I expect that the hardware will have limited this to 16, but just in case it hasn't, check for this corner case. | 5.5 |
2025-01-05 | CVE-2024-13141 | Osuuu | Cross-site Scripting vulnerability in Osuuu Lightpicture 1.2.0/1.2.1/1.2.2 A vulnerability classified as problematic was found in osuuu LightPicture up to 1.2.2. | 5.4 |
2025-01-05 | CVE-2024-13140 | Emlog | Cross-site Scripting vulnerability in Emlog A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.3. | 5.4 |
2025-01-05 | CVE-2024-13137 | Wangl1989 | Cross-site Scripting vulnerability in Wangl1989 Mysiteforme 1.0 A vulnerability was found in wangl1989 mysiteforme 1.0. | 5.4 |
2025-01-05 | CVE-2024-13135 | Emlog | Cross-site Scripting vulnerability in Emlog 2.4.3 A vulnerability has been found in Emlog Pro 2.4.3 and classified as problematic. | 5.4 |
2025-01-05 | CVE-2024-13132 | Emlog | Cross-site Scripting vulnerability in Emlog A vulnerability classified as problematic was found in Emlog Pro up to 2.4.3. | 5.4 |
2025-01-04 | CVE-2024-12475 | Wpexperts | Cross-site Scripting vulnerability in Wpexperts WP Multi Store Locator 2.4 The WP Multi Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. | 5.4 |
2025-01-04 | CVE-2024-11930 | Taskbuilder | Cross-site Scripting vulnerability in Taskbuilder The Taskbuilder – WordPress Project & Task Management plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppm_tasks shortcode in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2025-01-04 | CVE-2024-12545 | Appsmav | Cross-Site Request Forgery (CSRF) vulnerability in Appsmav Scratch & WIN The Scratch & Win – Giveaways and Contests. | 5.4 |
2025-01-03 | CVE-2024-55896 | IBM | IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames. | 5.4 |
2025-01-03 | CVE-2024-56410 | Phpoffice | Unspecified vulnerability in PHPoffice PHPspreadsheet PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. | 5.4 |
2025-01-03 | CVE-2024-56411 | Phpoffice | Cross-site Scripting vulnerability in PHPoffice PHPspreadsheet PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. | 5.4 |
2025-01-03 | CVE-2024-56412 | Phpoffice | Cross-site Scripting vulnerability in PHPoffice PHPspreadsheet PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. | 5.4 |
2025-01-03 | CVE-2024-56365 | Phpoffice | Unspecified vulnerability in PHPoffice PHPspreadsheet PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. | 5.4 |
2025-01-03 | CVE-2024-56366 | Phpoffice | Unspecified vulnerability in PHPoffice PHPspreadsheet PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. | 5.4 |
2025-01-03 | CVE-2024-56409 | Phpoffice | Unspecified vulnerability in PHPoffice PHPspreadsheet PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. | 5.4 |
2025-01-03 | CVE-2024-56408 | Phpoffice | Unspecified vulnerability in PHPoffice PHPspreadsheet PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. | 5.4 |
2025-01-02 | CVE-2023-23672 | Givewp | Missing Authorization vulnerability in Givewp Missing Authorization vulnerability in Liquid Web / StellarWP GiveWP.This issue affects GiveWP: from n/a through 2.25.1. | 5.4 |
2025-01-02 | CVE-2023-45631 | Wpdevart | Missing Authorization vulnerability in Wpdevart Gallery Missing Authorization vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3. | 5.4 |
2025-01-02 | CVE-2024-56242 | Tychesoftwares | Cross-site Scripting vulnerability in Tychesoftwares Arconix Shortcodes Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tyche Softwares Arconix Shortcodes allows Stored XSS.This issue affects Arconix Shortcodes: from n/a through 2.1.14. | 5.4 |
2025-01-02 | CVE-2024-56252 | Themelooks | Cross-site Scripting vulnerability in Themelooks Enter Addons Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeLooks Enter Addons allows Stored XSS.This issue affects Enter Addons: from n/a through 2.1.9. | 5.4 |
2025-01-02 | CVE-2024-56254 | Moveaddons | Cross-site Scripting vulnerability in Moveaddons Move Addons for Elementor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moveaddons Move Addons for Elementor allows Stored XSS.This issue affects Move Addons for Elementor: from n/a through 1.3.6. | 5.4 |
2025-01-02 | CVE-2024-56259 | Ayecode | Cross-site Scripting vulnerability in Ayecode Geodirectory Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AyeCode - WP Business Directory Plugins GeoDirectory allows Stored XSS.This issue affects GeoDirectory: from n/a through 2.3.84. | 5.4 |
2024-12-31 | CVE-2024-56062 | Royal Elementor Addons | Cross-site Scripting vulnerability in Royal-Elementor-Addons Royal Elementor Addons Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Stored XSS.This issue affects Royal Elementor Addons: from n/a through 1.3.987. | 5.4 |
2024-12-31 | CVE-2024-56063 | Wpdeveloper | Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through 6.0.7. | 5.4 |
2024-12-31 | CVE-2024-13083 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Land Record System 1.0 A vulnerability classified as problematic has been found in PHPGurukul Land Record System 1.0. | 5.4 |
2024-12-31 | CVE-2024-13081 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Land Record System 1.0 A vulnerability was found in PHPGurukul Land Record System 1.0. | 5.4 |
2024-12-31 | CVE-2024-13080 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Land Record System 1.0 A vulnerability was found in PHPGurukul Land Record System 1.0. | 5.4 |
2024-12-31 | CVE-2024-13077 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Land Record System 1.0 A vulnerability, which was classified as problematic, was found in PHPGurukul Land Record System 1.0. | 5.4 |
2024-12-31 | CVE-2024-13075 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Land Record System 1.0 A vulnerability classified as problematic was found in PHPGurukul Land Record System 1.0. | 5.4 |
2024-12-31 | CVE-2024-13076 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Land Record System 1.0 A vulnerability, which was classified as problematic, has been found in PHPGurukul Land Record System 1.0. | 5.4 |
2024-12-31 | CVE-2024-13074 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Land Record System 1.0 A vulnerability classified as problematic has been found in PHPGurukul Land Record System 1.0. | 5.4 |
2024-12-31 | CVE-2024-13069 | Rems | Cross-site Scripting vulnerability in Rems Multi Role Login System 1.0 A vulnerability was found in SourceCodester Multi Role Login System 1.0. | 5.4 |
2024-12-31 | CVE-2024-56222 | Codebard | Cross-Site Request Forgery (CSRF) vulnerability in Codebard Help Desk Cross-Site Request Forgery (CSRF) vulnerability in Codebard CodeBard Help Desk allows Cross Site Request Forgery. This issue affects CodeBard Help Desk: from n/a through 1.1.1. | 5.4 |
2025-01-02 | CVE-2024-13108 | Dlink | Unspecified vulnerability in Dlink Dir-816 Firmware 1.10Cnb05R1B011D88210 A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. | 5.3 |
2025-01-02 | CVE-2023-45766 | AYS PRO | Missing Authorization vulnerability in Ays-Pro Poll Maker Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Poll Maker: from n/a through 4.7.1. | 5.3 |
2025-01-02 | CVE-2024-13106 | Dlink | Unspecified vulnerability in Dlink Dir-816 Firmware 1.10Cnb05R1B011D88210 A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. | 5.3 |
2025-01-02 | CVE-2024-13107 | Dlink | Unspecified vulnerability in Dlink Dir-816 Firmware 1.10Cnb05R1B011D88210 A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. | 5.3 |
2025-01-02 | CVE-2024-13104 | Dlink | Unspecified vulnerability in Dlink Dir-816 Firmware 1.10Cnb05R1B011D88210 A vulnerability, which was classified as critical, was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. | 5.3 |
2025-01-02 | CVE-2024-13105 | Dlink | Unspecified vulnerability in Dlink Dir-816 Firmware 1.10Cnb05R1B011D88210 A vulnerability has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. | 5.3 |
2025-01-02 | CVE-2024-13102 | Dlink | Unspecified vulnerability in Dlink Dir-816 Firmware 1.10Cnb05R1B011D88210 A vulnerability classified as critical was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. | 5.3 |
2025-01-02 | CVE-2024-13103 | Dlink | Unspecified vulnerability in Dlink Dir-816 Firmware 1.10Cnb05R1B011D88210 A vulnerability, which was classified as critical, has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. | 5.3 |
2024-12-31 | CVE-2023-6602 | FFmpeg | A flaw was found in FFmpeg's TTY Demuxer. | 5.3 |
2024-12-31 | CVE-2024-13067 | Codeastro | Unspecified vulnerability in Codeastro Online Food Ordering System 1.0 A vulnerability was found in CodeAstro Online Food Ordering System 1.0 and classified as critical. | 5.3 |
2024-12-30 | CVE-2024-13032 | Antabot | Server-Side Request Forgery (SSRF) vulnerability in Antabot White-Jotter A vulnerability classified as problematic was found in Antabot White-Jotter up to 0.2.2. | 4.9 |
2025-01-05 | CVE-2024-13142 | Zerowdd | Cross-site Scripting vulnerability in Zerowdd Studentmanager 1.0 A vulnerability was found in ZeroWdd studentmanager 1.0. | 4.8 |
2025-01-05 | CVE-2025-0228 | Code Projects | Cross-site Scripting vulnerability in Code-Projects Local Storage Todo APP 1.0 A vulnerability has been found in code-projects Local Storage Todo App 1.0 and classified as problematic. | 4.8 |
2025-01-02 | CVE-2024-56237 | Contest Gallery | Cross-site Scripting vulnerability in Contest-Gallery Contest Gallery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contest Gallery Contest Gallery allows Stored XSS. This issue affects Contest Gallery: from n/a through 24.0.3. | 4.8 |
2024-12-30 | CVE-2024-13031 | Antabot | Cross-site Scripting vulnerability in Antabot White-Jotter A vulnerability classified as problematic has been found in Antabot White-Jotter up to 0.2.2. | 4.8 |
2025-01-03 | CVE-2024-41780 | IBM | Privacy Violation vulnerability in IBM Jazz Foundation 7.0.2/7.0.3/7.1.0 IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a physical user to obtain sensitive information due to not masking passwords during entry. | 4.6 |
2025-01-03 | CVE-2024-12237 | | The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.15 via the rjg_get_youtube_info_justified_gallery_callback function. | 4.3 |
2025-01-03 | CVE-2024-5591 | IBM | Information Exposure Through an Error Message vulnerability in IBM Jazz Foundation 7.0.2/7.0.3/7.1.0 IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.3 |
2025-01-03 | CVE-2024-12132 | Wpjobportal | Authorization Bypass Through User-Controlled Key vulnerability in Wpjobportal WP JOB Portal The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.4 due to missing validation on a user controlled key. | 4.3 |
2025-01-02 | CVE-2023-45272 | 10Web | Missing Authorization vulnerability in 10Web MAP Builder for Google Maps Missing Authorization vulnerability in 10Web 10Web Map Builder for Google Maps allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.73. | 4.3 |
2025-01-02 | CVE-2023-47807 | 10Web | Missing Authorization vulnerability in 10Web 10Webanalytics Missing Authorization vulnerability in 10Web 10WebAnalytics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 10WebAnalytics: from n/a through 1.2.12. | 4.3 |
2025-01-02 | CVE-2023-45101 | Cusrev | Missing Authorization vulnerability in Cusrev Customer Reviews for Woocommerce Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Customer Reviews for WooCommerce: from n/a through 5.36.0. | 4.3 |
2025-01-02 | CVE-2023-45765 | Wedevs | Missing Authorization vulnerability in Wedevs WP ERP Missing Authorization vulnerability in weDevs WP ERP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP ERP: from n/a through 1.12.6. | 4.3 |
2025-01-02 | CVE-2023-46628 | Redlettuce | Missing Authorization vulnerability in Redlettuce WP Word Count Missing Authorization vulnerability in RedLettuce Plugins WP Word Count allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Word Count: from n/a through 3.2.4. | 4.3 |
2025-01-02 | CVE-2024-37235 | Groundhogg | Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Inc. | 4.3 |
2024-12-31 | CVE-2024-56227 | Royal Elementor Addons | Missing Authorization vulnerability in Royal-Elementor-Addons Royal Elementor Addons Missing Authorization vulnerability in WP Royal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal Elementor Addons: from n/a through 1.7.1001. | 4.3 |
2024-12-31 | CVE-2024-56229 | Searchiq | Cross-Site Request Forgery (CSRF) vulnerability in Searchiq Cross-Site Request Forgery (CSRF) vulnerability in Searchiq SearchIQ. This issue affects SearchIQ: from n/a through 4.6. | 4.3 |
0 Low Vulnerabilities