7.5

CVSS3.1

CVE-2024-11283 - WP JobHunt <= 7.1 - Authentication Bypass to Candidate

The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to wp_ajax_google_api_login_callback function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackersโ€ฆ

๐Ÿ“… Published: March 14, 2025, 4:22 a.m. ๐Ÿ”„ Last Modified: March 14, 2025, 1:50 p.m.

9.8

CVSS3.1

CVE-2024-11286 - WP JobHunt <= 7.1 - Authentication Bypass

The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the cs_parse_request() function. This makes it possible for unauthenticated aโ€ฆ

๐Ÿ“… Published: March 14, 2025, 4:22 a.m. ๐Ÿ”„ Last Modified: March 14, 2025, 1:57 p.m.

6.1

CVSS3.1

CVE-2025-2166 - CM FAQ โ€“ Simplify support with an intuitive FAQ management tool <= 1.2.5 - Reflected Cross-Site Scโ€ฆ

The CM FAQ โ€“ Simplify support with an intuitive FAQ management tool plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticateโ€ฆ

๐Ÿ“… Published: March 14, 2025, 4:22 a.m. ๐Ÿ”„ Last Modified: March 14, 2025, 1:59 p.m.

9.8

CVSS3.1

CVE-2024-11284 - WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover

The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.9. This is due to the plugin not properly validating a user's identity prior to updating their password through the account_settings_save_callback() function. This โ€ฆ

๐Ÿ“… Published: March 14, 2025, 4:22 a.m. ๐Ÿ”„ Last Modified: March 14, 2025, 1:59 p.m.

4.3

CVSS3.1

CVE-2025-1528 - Search and filter pro <= 2.5.19 - Missing Authorization to Authenticated (Subscriber+) Post Meta Exโ€ฆ

The Search & Filter Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_meta_values' function in all versions up to, and including, 2.5.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to โ€ฆ

๐Ÿ“… Published: March 14, 2025, 4:22 a.m. ๐Ÿ”„ Last Modified: March 14, 2025, 2:10 p.m.

5.3

CVSS3.1

CVE-2025-1285 - Resido - Real Estate WordPress Theme <= 3.6 - Missing Authorization to Unauthenticated Server-Side โ€ฆ

The Resido - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_api_key and save_api_key AJAX actions in all versions up to, and including, 3.6. This makes it possible for unauthenticated attackers to issue requests tโ€ฆ

๐Ÿ“… Published: March 14, 2025, 4:22 a.m. ๐Ÿ”„ Last Modified: March 14, 2025, 3:13 p.m.

9.8

CVSS3.1

CVE-2024-11285 - WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Email Update/Account Takeover

The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the account_settings_callback() function. Thisโ€ฆ

๐Ÿ“… Published: March 14, 2025, 4:22 a.m. ๐Ÿ”„ Last Modified: March 14, 2025, 3:15 p.m.

5.5

CVSS3.1

CVE-2023-52927 - netfilter: allow exp not to be removed in nf_ct_find_expectation

In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removedโ€ฆ

๐Ÿ“… Published: March 14, 2025, midnight ๐Ÿ”„ Last Modified: March 14, 2025, 3:15 p.m.

7.8

CVSS3.1

CVE-2025-24855 - libxslt: Use-After-Free in libxslt numbers.c

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.

๐Ÿ“… Published: March 14, 2025, midnight ๐Ÿ”„ Last Modified: March 14, 2025, 7:01 p.m.

0.0

CVE-2025-26163 -

CM Soluces Informatica Ltda Auto Atendimento 1.x.x was discovered to contain a SQL injection via the CPF parameter.

๐Ÿ“… Published: March 14, 2025, midnight ๐Ÿ”„ Last Modified: March 14, 2025, 3:15 a.m.
Total resulsts: 285420
Page 18 of 28,542
ยซ previous page ยป next page
Filters