9.8
CVE-2024-13147 - SQLi in Merkur Software's B2B Login Panel
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Merkur Software B2B Login Panel allows SQL Injection. This issue affects B2B Login Panel: before 15.01.2025.
9.8
CVE-2024-12097 - SQLi in Boceksoft Informatics' E-Travel
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Boceksoft Informatics E-Travel allows SQL Injection. This issue affects E-Travel: before 15.12.2024.
7.6
CVE-2024-11216 - Broken Access Control in PozitifIK's Pik Online
Authorization Bypass Through User-Controlled Key, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in PozitifIK Pik Online allows Account Footprinting, Session Hijacking. This issue affects Pik Online: before 3.1.5.
5.4
CVE-2024-12650 - Wago: Vulnerability in libwagosnmp
An attacker with low privileges can manipulate the requested memory size, causing the application to use an invalid memory area. This could lead to a crash of the application, but it does not affect other applications.
5.3
CVE-2024-11153 - Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blo…
The Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.0 via the WordPress core search feature. This makes it possible for unauth…
9.8
CVE-2024-11951 - Homey Login Register <= 2.4.0 - Unauthenticated Privilege Escalation in homey_register
The Homey Login Register plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.0. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated pri…
9.8
CVE-2024-12281 - Homey <= 2.4.2 - Unauthenticated Privilege Escalation in homey_save_profile
The Homey theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.2. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by creat…
7.5
CVE-2025-1702 - Ultimate Member <= 2.10.0 - Unauthenticated SQL Injection via search Parameter
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'search' parameter in all versions up to, and including, 2.10.0 due to insufficient escaping on the user supplied…
5.3
CVE-2024-13423 - Sparkling <= 2.4.9 - Missing Authorization to Unauthenticated Arbitrary Plugin Activation/Deactivat…
The Sparkling theme for WordPress is vulnerable to unauthorized plugin activation/deactivation due to a missing capability check on the 'sparkling_activate_plugin' and 'sparkling_deactivate_plugin' functions in versions up to, and including, 2.4.9. This makes it possible for unauthenticated attacke…
7.5
CVE-2024-13471 - DesignThemes Core Features <= 4.7 - Missing Authorization to Unauthenticated Arbitrary File Read vi…
The DesignThemes Core Features plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dt_process_imported_file function in all versions up to, and including, 4.7. This makes it possible for unauthenticated attackers to read arbitrary files on the …