CVE Sentinel

@cve-notifications.bsky.social

CVE Sentinel is an automated service designed to keep the cybersecurity community informed about the latest vulnerabilities. Created by @incredincomp.com #security #infosec This product uses the NVD API but is not endorsed or certified by the NVD.

608 Followers  |  2 Following  |  26,660 Posts  |  Joined: 21.05.2024

Latest posts by cve-notifications.bsky.social on Bluesky

ID: CVE-2025-1464
CVSS V4.0: MEDIUM
A vulnerability, which was classified as critical, has been found in Baiyi Cloud Asset Management System up to 20250204. This issue affects some unknown processing of the file /wuser/admin.house.collect.php. The manipulation of...
#security #infosec #cve-alert

19.02.2025 14:15

ID: CVE-2025-0968
CVSS V3.1: MEDIUM
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0 due to a missing capability check on the get_megamenu_content() function. This...
#security #infosec #cve-alert

19.02.2025 12:16

ID: CVE-2025-0916
CVSS V3.1: HIGH
The YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 2.4.9 to 2.6.2 due to insufficient input...
#security #infosec #cve-alert

19.02.2025 12:16

ID: CVE-2024-13534
CVSS V3.1: HIGH
The Small Package Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 5.2.18 due to insufficient...
#security #infosec #cve-alert

19.02.2025 12:15

ID: CVE-2024-13533
CVSS V3.1: HIGH
The Small Package Quotes – USPS Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 1.3.5 due to insufficient escaping on the user supplied parameter and...
#security #infosec #cve-alert

19.02.2025 12:15

ID: CVE-2024-13491
CVSS V3.1: HIGH
The Small Package Quotes – For Customers of FedEx plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.3.1 due to insufficient escaping on...
#security #infosec #cve-alert

19.02.2025 12:15

ID: CVE-2024-13485
CVSS V3.1: HIGH
The LTL Freight Quotes – ABF Freight Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.7 due to insufficient escaping on the...
#security #infosec #cve-alert

19.02.2025 12:15

ID: CVE-2024-13483
CVSS V3.1: HIGH
The LTL Freight Quotes – SAIA Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 2.2.10 due to insufficient escaping on the user...
#security #infosec #cve-alert

19.02.2025 12:15

ID: CVE-2024-13481
CVSS V3.1: HIGH
The LTL Freight Quotes – R+L Carriers Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.4 due to insufficient escaping on the...
#security #infosec #cve-alert

19.02.2025 12:15

ID: CVE-2024-13479
CVSS V3.1: HIGH
The LTL Freight Quotes – SEFL Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.2.4 due to insufficient escaping on the user...
#security #infosec #cve-alert

19.02.2025 12:15

ID: CVE-2024-13478
CVSS V3.1: HIGH
The LTL Freight Quotes – TForce Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.6.4 due to insufficient escaping on the user...
#security #infosec #cve-alert

19.02.2025 12:15

ID: CVE-2025-1075
CVSS V4.0: MEDIUM
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p27, <2.2.0p40, and 2.1.0p51 (EOL) causes LDAP credentials to be written to Apache error log file accessible to administrators.
#security #infosec #cve-alert

19.02.2025 10:15

ID: CVE-2024-13489
CVSS V3.1: HIGH
The LTL Freight Quotes – Old Dominion Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.2.10 due to insufficient escaping on...
#security #infosec #cve-alert

19.02.2025 10:15

ID: CVE-2025-1135
CVSS V4.0: CRITICAL
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the...
#security #infosec #cve-alert

19.02.2025 09:15

ID: CVE-2025-1134
CVSS V4.0: CRITICAL
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the...
#security #infosec #cve-alert

19.02.2025 09:15

ID: CVE-2025-1133
CVSS V4.0: CRITICAL
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based blind SQL Injection vulnerability in the EditEventAttendees functionality....
#security #infosec #cve-alert

19.02.2025 09:15

ID: CVE-2025-1132
CVSS V4.0: CRITICAL
A time-based blind SQL Injection vulnerability exists in the ChurchCRM 5.13.0 and prior EditEventAttendees.php within the EN_tyid parameter. The parameter is directly inserted into an SQL query without proper...
#security #infosec #cve-alert

19.02.2025 09:15

ID: CVE-2025-1024
CVSS V4.0: HIGH
A vulnerability exists in ChurchCRM 5.13.0 that allows an attacker to execute arbitrary JavaScript in a victim's browser via Reflected Cross-Site Scripting (XSS) in the EditEventAttendees.php page. This requires...
#security #infosec #cve-alert

19.02.2025 09:15

ID: CVE-2025-1007
CVSS V4.0: MEDIUM
In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/{namespace}/details API allows a user to edit all namespace details, even if the user is not a namespace Owner or Contributor. The details include: name, description,...
#security #infosec #cve-alert

19.02.2025 09:15

ID: CVE-2024-13364
CVSS V3.1: MEDIUM
The Raptive Ads plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the site_ads_files_reset() and cls_file_reset() functions in all versions up to, and including, 3.6.3. This makes it...
#security #infosec #cve-alert

19.02.2025 09:15

ID: CVE-2024-13363
CVSS V3.1: MEDIUM
The Raptive Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'poc' parameter in all versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping. This makes it...
#security #infosec #cve-alert

19.02.2025 09:15

ID: CVE-2024-13339
CVSS V3.1: MEDIUM
The DeBounce Email Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.6. This is due to missing or incorrect nonce validation on the 'debounce_email_validator'...
#security #infosec #cve-alert

19.02.2025 09:15

ID: CVE-2024-13336
CVSS V3.1: MEDIUM
The Disable Auto Updates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'disable-auto-updates' page. This...
#security #infosec #cve-alert

19.02.2025 09:15

ID: CVE-2024-13231
CVSS V3.1: MEDIUM
The WordPress Portfolio Builder – Portfolio Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_video' function in all versions up to, and including,...
#security #infosec #cve-alert

19.02.2025 09:15

ID: CVE-2025-0865
CVSS V3.1: MEDIUM
The WP Media Category Management plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.0 to 2.3.3. This is due to missing or incorrect nonce validation on the wp_mcm_handle_action_settings() function....
#security #infosec #cve-alert

19.02.2025 08:16

ID: CVE-2024-13854
CVSS V3.1: MEDIUM
The Education Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.1 via the naedu_elementor_template shortcode due to missing validation on a user...
#security #infosec #cve-alert

19.02.2025 08:16

ID: CVE-2024-13736
CVSS V3.1: MEDIUM
The Pure Chat – Live Chat & More! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'purechatWidgetName' parameter in all versions up to, and including, 2.31 due to insufficient input sanitization and...
#security #infosec #cve-alert

19.02.2025 08:16

ID: CVE-2024-13719
CVSS V3.1: MEDIUM
The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.8 via the invoicing viewer due to missing validation on a user controlled key. This...
#security #infosec #cve-alert

19.02.2025 08:16

ID: CVE-2024-13712
CVSS V3.1: MEDIUM
The Pollin plugin for WordPress is vulnerable to SQL Injection via the 'question' parameter in all versions up to, and including, 1.01.1 due to insufficient escaping on the user supplied parameter and lack of sufficient...
#security #infosec #cve-alert

19.02.2025 08:16

ID: CVE-2024-13711
CVSS V3.1: MEDIUM
The Pollin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'question' parameter in all versions up to, and including, 1.01.1 due to insufficient input sanitization and output escaping. This makes it...
#security #infosec #cve-alert

19.02.2025 08:16
