Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-14 | CVE-2024-13321 | SQL Injection vulnerability in Analyticswp The AnalyticsWP plugin for WordPress is vulnerable to SQL Injection via the 'custom_sql' parameter in all versions up to, and including, 2.0.0 due to insufficient authorization checks on the handle_get_stats() function. | 9.8 |
| 2025-03-14 | CVE-2024-13407 | Authorization Bypass Through User-Controlled Key vulnerability in Omnipressteam Omnipress The Omnipress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.4 via the megamenu block due to insufficient restrictions on which posts can be included. | 6.5 |
| 2025-03-14 | CVE-2025-1526 | Cross-site Scripting vulnerability in Detheme Dethemekit for Elementor The DethemeKit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the De Product Display Widget (countdown feature) in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-03-14 | CVE-2024-13824 | Deserialization of Untrusted Data vulnerability in Potenzaglobalsolutions Ciyashop The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.19.0 via deserialization of untrusted input in the 'add_ciyashop_wishlist' and 'ciyashop_get_compare' functions. | 9.8 |
| 2025-03-14 | CVE-2025-2221 | SQL Injection vulnerability in Wpcom Member The WPCOM Member plugin for WordPress is vulnerable to time-based SQL Injection via the ‘user_phone’ parameter in all versions up to, and including, 1.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2025-03-14 | CVE-2024-13376 | The Industrial theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the _ajax_get_total_content_import_items() function in all versions up to, and including, 1.7.8. | 8.8 |
| 2025-03-14 | CVE-2024-13913 | The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.0.83. | 8.8 |
| 2025-03-14 | CVE-2025-0952 | The Eco Nature - Environment & Ecology WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmasters_hide_admin_notice' AJAX action in all versions up to, and including, 2.0.4. | 8.1 |
| 2025-03-14 | CVE-2025-1764 | The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.1. | 7.5 |
| 2025-03-14 | CVE-2025-2103 | Missing Authorization vulnerability in Irontemplates Soundrise The SoundRise Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on theironMusic_ajax() function in all versions up to, and including, 1.6.11. | 8.8 |