2025-03-14 | CVE-2024-13824 | Deserialization of Untrusted Data vulnerability in Potenzaglobalsolutions Ciyashop. The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.19.0 via deserialization of untrusted input in the 'add_ciyashop_wishlist' and 'ciyashop_get_compare' functions. | 9.8 |
2025-03-14 | CVE-2025-2221 | SQL Injection vulnerability in Wpcom Member. The WPCOM Member plugin for WordPress is vulnerable to time-based SQL Injection via the ‘user_phone’ parameter in all versions up to, and including, 1.7.6 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
2025-03-14 | CVE-2024-13376 | The Industrial theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the _ajax_get_total_content_import_items() function in all versions up to, and including, 1.7.8. | 8.8 |
2025-03-14 | CVE-2024-13913 | The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.0.83. | 8.8 |
2025-03-14 | CVE-2025-0952 | The Eco Nature - Environment & Ecology WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmasters_hide_admin_notice' AJAX action in all versions up to, and including, 2.0.4. | 8.1 |
2025-03-14 | CVE-2025-1764 | The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.1. | 7.5 |
2025-03-14 | CVE-2025-2103 | Missing Authorization vulnerability in Irontemplates Soundrise. The SoundRise Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ironMusic_ajax() function in all versions up to, and including, 1.6.11. | 8.8 |
2025-03-14 | CVE-2025-2289 | Missing Authorization vulnerability in Zozothemes Zegen. The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9. | 8.8 |
2025-03-14 | CVE-2024-11283 | The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. | 7.5 |
2025-03-14 | CVE-2024-11284 | The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.9. (network, low complexity, CWE-639, critical) | 9.8 |