CVE Feeds

Latest CVEs

Updates on the latest vulnerabilities detected.
  • CVE ID :CVE-2025-0968
    Published : Feb. 19, 2025, 12:15 p.m. | 2 hours, 1 minute ago
    Description :The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0 due to a missing capability checks on the get_megamenu_content() function. This makes it possible for unauthenticated attackers to view any item created in Elementor, such as posts, pages and templates including drafts, trashed and private items.
    Severity: 5.3 | MEDIUM
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2025-0916
    Published : Feb. 19, 2025, 12:15 p.m. | 2 hours, 1 minute ago
    Description :The YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 2.4.9 to 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: The vulnerability has been initially patched in version 2.4.8 and was reintroduced in version 2.4.9 with the removal of the wp_kses_post() built-in WordPress sanitization function.
    Severity: 7.2 | HIGH
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2024-13534
    Published : Feb. 19, 2025, 12:15 p.m. | 2 hours, 1 minute ago
    Description :The Small Package Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 5.2.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
    Severity: 7.5 | HIGH
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2024-13533
    Published : Feb. 19, 2025, 12:15 p.m. | 2 hours, 1 minute ago
    Description :The Small Package Quotes – USPS Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 1.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
    Severity: 7.5 | HIGH
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2024-13491
    Published : Feb. 19, 2025, 12:15 p.m. | 2 hours, 1 minute ago
    Description :The Small Package Quotes – For Customers of FedEx plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
    Severity: 7.5 | HIGH
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2024-13485
    Published : Feb. 19, 2025, 12:15 p.m. | 2 hours, 1 minute ago
    Description :The LTL Freight Quotes – ABF Freight Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
    Severity: 7.5 | HIGH
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2024-13483
    Published : Feb. 19, 2025, 12:15 p.m. | 2 hours, 1 minute ago
    Description :The LTL Freight Quotes – SAIA Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 2.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
    Severity: 7.5 | HIGH
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2024-13481
    Published : Feb. 19, 2025, 12:15 p.m. | 2 hours, 1 minute ago
    Description :The LTL Freight Quotes – R+L Carriers Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
    Severity: 7.5 | HIGH
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2024-13479
    Published : Feb. 19, 2025, 12:15 p.m. | 2 hours, 1 minute ago
    Description :The LTL Freight Quotes – SEFL Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
    Severity: 7.5 | HIGH
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2024-13478
    Published : Feb. 19, 2025, 12:15 p.m. | 2 hours, 1 minute ago
    Description :The LTL Freight Quotes – TForce Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
    Severity: 7.5 | HIGH
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2025-1075
    Published : Feb. 19, 2025, 10:15 a.m. | 4 hours, 1 minute ago
    Description :Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions 2.3.0p27, 2.2.0p40,and 2.1.0p51 (EOL) causes LDAP credentials to be written to Apche error log file accessible to administrators.
    Severity: 0.0 | NA
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2024-13489
    Published : Feb. 19, 2025, 10:15 a.m. | 4 hours, 1 minute ago
    Description :The LTL Freight Quotes – Old Dominion Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
    Severity: 7.5 | HIGH
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2025-1135
    Published : Feb. 19, 2025, 9:15 a.m. | 5 hours, 1 minute ago
    Description :A vulnerability exists in ChurchCRM 5.13.0. and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the BatchWinnerEntry functionality. The CurrentFundraiser parameter is directly concatenated into an SQL query without sufficient sanitization, allowing an attacker to manipulate database queries and execute arbitrary commands, potentially leading to data exfiltration, modification, or deletion. Please note the vulnerability requires Administrator privileges.
    Severity: 0.0 | NA
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2025-1134
    Published : Feb. 19, 2025, 9:15 a.m. | 5 hours, 1 minute ago
    Description :A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the DonatedItemEditor functionality. The CurrentFundraiser parameter is directly concatenated into an SQL query without sufficient sanitization, allowing an attacker to manipulate database queries and execute arbitrary commands, potentially leading to data exfiltration, modification, or deletion. Please note that this vulnerability requires Administrator privileges.
    Severity: 0.0 | NA
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2025-1133
    Published : Feb. 19, 2025, 9:15 a.m. | 5 hours, 1 minute ago
    Description :A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based blind SQL Injection vulnerability in the EditEventAttendees functionality. The EID parameter is directly concatenated into an SQL query without proper sanitization, making it susceptible to SQL injection attacks. An attacker can manipulate the query, potentially leading to data exfiltration, modification, or deletion.  Please note that this vulnerability requires Administrator privileges.
    Severity: 0.0 | NA
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2025-1132
    Published : Feb. 19, 2025, 9:15 a.m. | 5 hours, 1 minute ago
    Description :A time-based blind SQL Injection vulnerability exists in the ChurchCRM 5.13.0 and prior EditEventAttendees.php within the EN_tyid parameter. The parameter is directly inserted into an SQL query without proper sanitization, allowing attackers to inject malicious SQL commands. Please note that the vulnerability requires Administrator permissions. This flaw can potentially allow attackers to delay the response, indicating the presence of an SQL injection vulnerability. While it is a time-based blind injection, it can be exploited to gain insights into the underlying database, and with further exploitation, sensitive data could be retrieved.
    Severity: 0.0 | NA
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2025-1024
    Published : Feb. 19, 2025, 9:15 a.m. | 5 hours, 1 minute ago
    Description :A vulnerability exists in ChurchCRM 5.13.0 that allows an attacker to execute arbitrary JavaScript in a victim's browser via Reflected Cross-Site Scripting (XSS) in the EditEventAttendees.php page. This requires Administration privileges and affects the EID parameter. The flaw allows an attacker to steal session cookies, perform actions on behalf of an authenticated user, and gain unauthorized access to the application.
    Severity: 0.0 | NA
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2025-1007
    Published : Feb. 19, 2025, 9:15 a.m. | 5 hours, 1 minute ago
    Description :In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/{namespace}/details API allows a user to edit all namespace details, even if the user is not a namespace Owner or Contributor. The details include: name, description, website, support link and social media links. The same issues existed in /user/namespace/{namespace}/details/logo and allowed a user to change the logo.
    Severity: 0.0 | NA
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2024-13364
    Published : Feb. 19, 2025, 9:15 a.m. | 5 hours, 1 minute ago
    Description :The Raptive Ads plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the site_ads_files_reset() and cls_file_reset() functions in all versions up to, and including, 3.6.3. This makes it possible for unauthenticated attackers to reset the ad and cls files.
    Severity: 5.3 | MEDIUM
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2024-13363
    Published : Feb. 19, 2025, 9:15 a.m. | 5 hours, 1 minute ago
    Description :The Raptive Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'poc' parameter in all versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
    Severity: 6.1 | MEDIUM
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Information

Vortech Consulting is a network security and design consulting firm originally founded in 1997. Over our nearly 30 year history we have provided security services and products for a wide variety of companies around the globe.

Who's Online

We have 891 guests and no members online