0.0
CVE-2025-22860 -
Not used
0.0
CVE-2025-22861 -
Not used
8.8
CVE-2024-12853 - Modula Image Gallery <= 2.11.10 - Authenticated (Author+) Arbitrary File Upload
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including, 2.11.10. This makes it possible for authenticated attackers, with Author-level access and above, to upload โฆ
8.8
CVE-2024-12854 - Garden Gnome Package <= 2.3.0 - Authenticated (Author+) Arbitrary File Upload
The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts 'ggpkg' files that have been uploaded in all versions up to, and including, 2.3.0. This makes it possible for authenticated attaโฆ
5.3
CVE-2024-12712 - Shopping Cart & eCommerce Store <= 5.7.8 - Missing Authorization to Order Updates
The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the webhook function in all versions up to, and including, 5.7.8. This makes it possible for unauthenticated attackers to modify order statuses.
8.1
CVE-2024-45033 - Apache Airflow Fab Provider: Application does not invalidate session after password change via Airfโฆ
Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider. This issue affects Apache Airflow Fab Provider: before 1.5.2. When user password has been changed with admin CLI, the sessions for that user have not been cleared, leading to insufficient session expiration, thus loggedโฆ
9.8
CVE-2024-54676 - Apache OpenMeetings: Deserialisation of untrusted data in cluster mode
Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html ย doesn't specify white/black lists for OpenJPA this leads to possible deserialisation of untrustedโฆ
6.3
CVE-2024-13186 - MinigameCenter information leakage vulnerability
The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage.
4.3
CVE-2024-12855 - AdForest - Classified Ads WordPress Theme <= 5.1.7 - Missing Authorization to Authenticated (Subscrโฆ
The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like 'sb_remove_ad' in all versions up to, and including, 5.1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, โฆ
7.5
CVE-2024-11939 - Cost Calculator Builder PRO <= 3.2.15 - Unauthenticated SQL Injection via data
The Cost Calculator Builder PRO plugin for WordPress is vulnerable to blind time-based SQL Injection via the โdataโ parameter in all versions up to, and including, 3.2.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This mโฆ