5.6

CVSS3.1

CVE-2024-13772 - Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.4 - Authentication Bypass via Non-R…

The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of randomization of a password created during Single Sign-On via Google or Facebook. This makes it possible for…

📅 Published: March 14, 2025, 11:15 a.m. 🔄 Last Modified: March 14, 2025, 12:35 p.m.

9.8

CVSS3.1

CVE-2025-2232 - Realteo - Real Estate Plugin by Purethemes <= 1.2.8 - Authentication Bypass via 'do_register_user'

The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'do_register_user' function. This makes it possible for unauthentic…

📅 Published: March 14, 2025, 11:15 a.m. 🔄 Last Modified: March 14, 2025, 12:42 p.m.

9.8

CVSS3.1

CVE-2024-13771 - Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.4 - Authentication Bypass via Passw…

The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of user validation before changing a password. This makes it possible for unauthenticated attackers to change t…

📅 Published: March 14, 2025, 11:15 a.m. 🔄 Last Modified: March 14, 2025, 12:15 p.m.

8.8

CVSS3.1

CVE-2024-12810 - JobCareer | Job Board Responsive WordPress Theme <= 7.1 - Missing Authorization to Authenticated (S…

The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 7.1. This makes it possible for authenticated attackers, with …

📅 Published: March 14, 2025, 11:15 a.m. 🔄 Last Modified: March 14, 2025, 12:51 p.m.

6.9

CVSS3.1

CVE-2024-26006 -

An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below and FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below web SSL VPN UI may allow a remote una…

📅 Published: March 14, 2025, 9:24 a.m. 🔄 Last Modified: March 14, 2025, 1:09 p.m.

5.3

CVSS3.1

CVE-2025-1507 - ShareThis Dashboard for Google Analytics <= 3.2.1 - Missing Authorization to Unauthenticated Featur…

The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_actions() function in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to disable all fe…

📅 Published: March 14, 2025, 8:23 a.m. 🔄 Last Modified: March 14, 2025, 1:11 p.m.

4.3

CVSS3.1

CVE-2024-13407 - Omnipress <= 1.5.4 - Authenticated (Contributor+) Post Disclosure

The Omnipress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.4 via the megamenu block due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, t…

📅 Published: March 14, 2025, 7:23 a.m. 🔄 Last Modified: March 14, 2025, 1:17 p.m.

7.5

CVSS3.1

CVE-2024-13321 - AnalyticsWP <= 2.0.0 - Unauthenticated SQL Injection

The AnalyticsWP plugin for WordPress is vulnerable to SQL Injection via the 'custom_sql' parameter in all versions up to, and including, 2.0.0 due to insufficient authorization checks on the handle_get_stats() function. This makes it possible for unauthenticated attackers to append additional SQL …

📅 Published: March 14, 2025, 7:23 a.m. 🔄 Last Modified: March 14, 2025, 1:30 p.m.

6.4

CVSS3.1

CVE-2025-1526 - DethemeKit for Elementor <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The DethemeKit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the De Product Display Widget (countdown feature) in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attac…

📅 Published: March 14, 2025, 7:23 a.m. 🔄 Last Modified: March 14, 2025, 2:51 p.m.

9.8

CVSS3.1

CVE-2024-13824 - CiyaShop - Multipurpose WooCommerce Theme <= 4.19.0 - Unauthenticated PHP Object Injection

The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.19.0 via deserialization of untrusted input in the 'add_ciyashop_wishlist' and 'ciyashop_get_compare' functions. This makes it possible for unauthenticated…

📅 Published: March 14, 2025, 6:43 a.m. 🔄 Last Modified: March 14, 2025, 2:54 p.m.
Total resulsts: 285299
Page 5 of 28,530
« previous page » next page
Filters