5.3
CVE-2025-0955 - VidoRev Extensions <= 2.9.9.9.9.9.5 - Missing Authorization to Unauthenticated Youtube Video Import
The VidoRev Extensions plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'vidorev_import_single_video' AJAX action in all versions up to, and including, 2.9.9.9.9.9.5. This makes it possible for unauthenticated attackers to import arbitrary youtube vβ¦
7.5
CVE-2024-11283 - WP JobHunt <= 7.1 - Authentication Bypass to Candidate
The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to wp_ajax_google_api_login_callback function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackersβ¦
9.8
CVE-2024-11286 - WP JobHunt <= 7.1 - Authentication Bypass
The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the cs_parse_request() function. This makes it possible for unauthenticated aβ¦
6.1
CVE-2025-2166 - CM FAQ β Simplify support with an intuitive FAQ management tool <= 1.2.5 - Reflected Cross-Site Scβ¦
The CM FAQ β Simplify support with an intuitive FAQ management tool plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticateβ¦
9.8
CVE-2024-11284 - WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover
The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.9. This is due to the plugin not properly validating a user's identity prior to updating their password through the account_settings_save_callback() function. This β¦
4.3
CVE-2025-1528 - Search and filter pro <= 2.5.19 - Missing Authorization to Authenticated (Subscriber+) Post Meta Exβ¦
The Search & Filter Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_meta_values' function in all versions up to, and including, 2.5.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to β¦
5.3
CVE-2025-1285 - Resido - Real Estate WordPress Theme <= 3.6 - Missing Authorization to Unauthenticated Server-Side β¦
The Resido - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_api_key and save_api_key AJAX actions in all versions up to, and including, 3.6. This makes it possible for unauthenticated attackers to issue requests tβ¦
9.8
CVE-2024-11285 - WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Email Update/Account Takeover
The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the account_settings_callback() function. Thisβ¦
7.8
CVE-2024-55549 -
xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.
0.0
CVE-2025-26312 -
SendQuick Entera devices before 11HF5 are vulnerable to CAPTCHA bypass via the captcha parameter