Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-03-14 CVE-2025-2289 Missing Authorization vulnerability in Zozothemes Zegen
The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9.
network
low complexity
zozothemes CWE-862
8.8
8.8
2025-03-14 CVE-2024-11283 The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1.
network
low complexity
CWE-289
7.5
7.5
2025-03-14 CVE-2024-11284 The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.9.
network
low complexity
CWE-639
critical
 9.8
9.8
2025-03-14 CVE-2024-11285 The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1.
network
low complexity
CWE-639
critical
 9.8
9.8
2025-03-14 CVE-2024-11286 The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1.
network
low complexity
CWE-288
critical
 9.8
9.8
2025-03-14 CVE-2025-0955 The VidoRev Extensions plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'vidorev_import_single_video' AJAX action in all versions up to, and including, 2.9.9.9.9.9.5.
network
low complexity
CWE-862
5.3
5.3
2025-03-14 CVE-2025-1285 The Resido - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_api_key and save_api_key AJAX actions in all versions up to, and including, 3.6.
network
low complexity
CWE-862
5.3
5.3
2025-03-14 CVE-2025-1528 The Search & Filter Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_meta_values' function in all versions up to, and including, 2.5.19.
network
low complexity
CWE-862
4.3
4.3
2025-03-14 CVE-2025-2056 The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 5.4.01 via the showFile function.
network
low complexity
CWE-23
7.5
7.5
2025-03-14 CVE-2025-2166 The CM FAQ – Simplify support with an intuitive FAQ management tool plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5.
network
low complexity
CWE-79
6.1
6.1