5.3
CVE-2024-6626 - EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.9 - Missing Authorization
The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several functions in all versions up to, and including, 2.9.9.9. This makes it possible for unauthenticated attackers to view …
8.1
CVE-2024-9946 - Social Share, Social Login and Social Comments Plugin – Super Socializer <= 7.13.68 - Authenticatio…
The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.13.68. This is due to insufficient verification on the user being returned by the social login token. This makes it possib…
4.3
CVE-2024-10543 - Tumult Hype Animations <= 1.9.14 - Missing Authorization
The Tumult Hype Animations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hypeanimations_getcontent function in all versions up to, and including, 1.9.14. This makes it possible for authenticated attackers, with Subscriber-level access and…
8.1
CVE-2024-10020 - Heateor Social Login WordPress <= 1.1.35 - Authentication Bypass via Disqus OAuth provider
The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.1.35. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in …
5.3
CVE-2024-10535 - Video Gallery for WooCommerce <= 1.31 - Missing Authorization to Unauthenticated Limited File Delet…
The Video Gallery for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the remove_unused_thumbnails() function in all versions up to, and including, 1.31. This makes it possible for unauthenticated attackers to delete thumbnail…
9.9
CVE-2024-9307 - mFolio Lite <= 1.2.1 - Missing Authorization to Authenticated (Author+) File Upload via EXE and SVG…
The mFolio Lite plugin for WordPress is vulnerable to file uploads due to a missing capability check in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenev…
6.3
CVE-2024-9902 - Ansible-core: ansible-core user may read/write unauthorized content
A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unpr…
6.1
CVE-2024-9934 - Wp-ImageZoom <= 1.1.0 - Reflected XSS
The Wp-ImageZoom WordPress plugin through 1.1.0 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
4.8
CVE-2024-7879 - WP ULike < 4.7.5 - Admin+ Stored XSS via Widgets
The WP ULike WordPress plugin before 4.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
0.0
CVE-2025-20110 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused