8.8

CVSS3.1

CVE-2025-2103 - SoundRise Music <= 1.7 - Authenticated (Subscriber+) Arbitrary Options Update

The SoundRise Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on theironMusic_ajax() function in all versions up to, and including, 1.6.11. This makes it possible for authenticated attackers, with …

📅 Published: March 14, 2025, 5:24 a.m. 🔄 Last Modified: March 14, 2025, 3:08 p.m.

8.8

CVSS3.1

CVE-2024-13376 - Industrial <= 1.7.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

The Industrial theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the _ajax_get_total_content_import_items() function in all versions up to, and including, 1.7.8. This makes it possible for authenticated …

📅 Published: March 14, 2025, 5:24 a.m. 🔄 Last Modified: March 14, 2025, 3:12 p.m.

8.1

CVSS3.1

CVE-2025-0952 - Eco Nature - Environment & Ecology WordPress Theme <= 2.0.4 - Missing Authorization to Authenticate…

The Eco Nature - Environment & Ecology WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmasters_hide_admin_notice' AJAX action in all versions up to, and including, 2.0.4. This ma…

📅 Published: March 14, 2025, 5:24 a.m. 🔄 Last Modified: March 14, 2025, 1:33 p.m.

4.3

CVSS3.1

CVE-2025-2289 - Zegen - Church WordPress Theme <= 1.1.9 - Missing Authorization to Authenticated (Subscriber+) Them…

The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import,…

📅 Published: March 14, 2025, 5:24 a.m. 🔄 Last Modified: March 14, 2025, 6:15 a.m.

7.5

CVSS3.1

CVE-2025-1764 - LoginPress <= 3.3.1 - Cross-Site Request Forgery to Arbitrary Options Update

The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the 'custom_plugin_set_option' function. This makes it possible for unauthenti…

📅 Published: March 14, 2025, 5:24 a.m. 🔄 Last Modified: March 14, 2025, 1:44 p.m.

7.5

CVSS3.1

CVE-2025-2056 - WP Ghost <= 5.4.01 - Unauthenticated Limited File Read

The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 5.4.01 via the showFile function. This makes it possible for unauthenticated attackers to read the contents of specific file types on the server, which ca…

📅 Published: March 14, 2025, 4:22 a.m. 🔄 Last Modified: March 14, 2025, 1:45 p.m.

5.3

CVSS3.1

CVE-2025-0955 - VidoRev Extensions <= 2.9.9.9.9.9.5 - Missing Authorization to Unauthenticated Youtube Video Import

The VidoRev Extensions plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'vidorev_import_single_video' AJAX action in all versions up to, and including, 2.9.9.9.9.9.5. This makes it possible for unauthenticated attackers to import arbitrary youtube v…

📅 Published: March 14, 2025, 4:22 a.m. 🔄 Last Modified: March 14, 2025, 1:46 p.m.

7.5

CVSS3.1

CVE-2024-11283 - WP JobHunt <= 7.1 - Authentication Bypass to Candidate

The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to wp_ajax_google_api_login_callback function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers…

📅 Published: March 14, 2025, 4:22 a.m. 🔄 Last Modified: March 14, 2025, 1:50 p.m.

9.8

CVSS3.1

CVE-2024-11286 - WP JobHunt <= 7.1 - Authentication Bypass

The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the cs_parse_request() function. This makes it possible for unauthenticated a…

📅 Published: March 14, 2025, 4:22 a.m. 🔄 Last Modified: March 14, 2025, 1:57 p.m.

6.1

CVSS3.1

CVE-2025-2166 - CM FAQ – Simplify support with an intuitive FAQ management tool <= 1.2.5 - Reflected Cross-Site Sc…

The CM FAQ – Simplify support with an intuitive FAQ management tool plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticate…

📅 Published: March 14, 2025, 4:22 a.m. 🔄 Last Modified: March 14, 2025, 1:59 p.m.
Total resulsts: 285319
Page 8 of 28,532
« previous page » next page
Filters