Medium - CVE-2025-1572 - The KiviCare – Clinic & Patient Management...
The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the ‘u_id’ parameter in all versions up to, and including, 3.6.7 due to insufficient...
Medium - CVE-2024-13469 - The Pricing Table by PickPlugins plugin for...
The Pricing Table by PickPlugins plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button Link in all versions up to, and including, 1.12.10 due to insufficient input...
Medium - CVE-2024-13638 - The Order Attachments for WooCommerce plugin...
The Order Attachments for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.1 via the 'uploads' directory. This...
Medium - CVE-2024-13716 - The Forex Calculators plugin for WordPress is...
The Forex Calculators plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_settings_callback() function in all versions up to, and...
High - CVE-2024-13831 - The Tabs for WooCommerce plugin for WordPress...
The Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input in the...
Medium - CVE-2024-13832 - The Ultra Addons Lite for Elementor plugin for...
The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.8 via the 'ut_elementor' shortcode due to...
Medium - CVE-2024-13851 - The Modal Portfolio plugin for WordPress is...
The Modal Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7.4.2 due to insufficient input sanitization and output escaping. This...
Critical - CVE-2024-8420 - The DHVC Form plugin for WordPress is...
The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the 'role' field...
Critical - CVE-2024-8425 - The WooCommerce Ultimate Gift Card plugin for...
The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwb_wgm_preview_mail' and...
Medium - CVE-2024-9019 - The SecuPress Free — WordPress Security plugin...
The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's secupress_check_ban_ips_form shortcode in all versions up to, and...