Skip to main content
CVE-2024-12877 CRITICAL PATCH This Week

The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 27.5%.

RCE Deserialization WordPress PHP Givewp
NVD
CVSS 3.1
9.8
EPSS
27.5%
CVE-2025-0103 CRITICAL This Week

An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations,. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto SQLi Expedition
NVD
CVSS 4.0
9.2
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy