Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-14 | CVE-2025-2000 | A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats < 13. | 9.8 |
| 2025-03-14 | CVE-2024-12810 | Missing Authorization vulnerability in Chimpgroup Jobcareer The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 7.1. | 8.1 |
| 2025-03-14 | CVE-2024-13771 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Uxper Civi The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. | 5.9 |
| 2025-03-14 | CVE-2024-13772 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Uxper Civi The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. | 5.9 |
| 2025-03-14 | CVE-2024-13773 | Use of Hard-coded Cryptographic Key vulnerability in Uxper Civi The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credentials. | 7.5 |
| 2025-03-14 | CVE-2025-2232 | Improper Privilege Management vulnerability in Purethemes Realteo 1.2.4 The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. | 9.8 |
| 2025-03-14 | CVE-2025-1507 | Missing Authorization vulnerability in Sharethis Dashboard for Google Analytics The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_actions() function in all versions up to, and including, 3.2.1. | 5.3 |
| 2025-03-14 | CVE-2024-13321 | SQL Injection vulnerability in Analyticswp The AnalyticsWP plugin for WordPress is vulnerable to SQL Injection via the 'custom_sql' parameter in all versions up to, and including, 2.0.0 due to insufficient authorization checks on the handle_get_stats() function. | 9.8 |
| 2025-03-14 | CVE-2024-13407 | Authorization Bypass Through User-Controlled Key vulnerability in Omnipressteam Omnipress The Omnipress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.4 via the megamenu block due to insufficient restrictions on which posts can be included. | 6.5 |
| 2025-03-14 | CVE-2025-1526 | Cross-site Scripting vulnerability in Detheme Dethemekit for Elementor The DethemeKit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the De Product Display Widget (countdown feature) in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping. | 5.4 |