Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-03-14 CVE-2024-11285 The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1.
network
low complexity
CWE-639
critical
 9.8
9.8
2025-03-14 CVE-2024-11286 The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1.
network
low complexity
CWE-288
critical
 9.8
9.8
2025-03-14 CVE-2025-0955 The VidoRev Extensions plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'vidorev_import_single_video' AJAX action in all versions up to, and including, 2.9.9.9.9.9.5.
network
low complexity
CWE-862
5.3
5.3
2025-03-14 CVE-2025-1285 The Resido - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_api_key and save_api_key AJAX actions in all versions up to, and including, 3.6.
network
low complexity
CWE-862
5.3
5.3
2025-03-14 CVE-2025-1528 The Search & Filter Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_meta_values' function in all versions up to, and including, 2.5.19.
network
low complexity
CWE-862
4.3
4.3
2025-03-14 CVE-2025-2056 The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 5.4.01 via the showFile function.
network
low complexity
CWE-23
7.5
7.5
2025-03-14 CVE-2025-2166 The CM FAQ – Simplify support with an intuitive FAQ management tool plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5.
network
low complexity
CWE-79
6.1
6.1
2025-03-13 CVE-2025-24053 Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
network
low complexity
CWE-285
7.2
7.2
2025-03-13 CVE-2025-24974 Missing Authorization vulnerability in Dataease
DataEase is an open source business intelligence and data visualization tool.
network
low complexity
dataease CWE-862
6.5
6.5
2025-03-13 CVE-2025-27103 Unspecified vulnerability in Dataease
DataEase is an open source business intelligence and data visualization tool.
network
low complexity
dataease
6.5
6.5