Security Vulnerabilities
- CVEs Published In January 2025
Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module
Impact: Successful exploitation of this vulnerability may affect availability.
The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Remote Code Execution in version 3.0.11. This is due to a missing capability check on the 'wpext_handle_snippet_update' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute code on the server providing an admin has created at least one code snippet.
The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on several functions in all versions up to, and including, 3.0.11. This makes it possible for authenticated attackers, with subscriber-level access and above, to import and activate arbitrary code snippets along with
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handle_export_form() function due to a missing capability check. This makes it possible for unauthenticated attackers to export data from password protected, private, or draft posts that they should not have access to.
Vulnerability of variables not being initialized in the notification module
Impact: Successful exploitation of this vulnerability may affect availability.
Vulnerability of improper permission control in the window management module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Access control vulnerability in the identity authentication module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Permission control vulnerability in the Connectivity module
Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
Race condition vulnerability in the Bastet module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Vulnerability of native APIs not being implemented in the NFC service module
Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.