Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-03-14 CVE-2025-1764 The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.1.
network
high complexity
CWE-352
7.5
7.5
2025-03-14 CVE-2025-2103 Missing Authorization vulnerability in Irontemplates Soundrise
The SoundRise Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on theironMusic_ajax() function in all versions up to, and including, 1.6.11.
network
low complexity
irontemplates CWE-862
8.8
8.8
2025-03-14 CVE-2025-2289 Missing Authorization vulnerability in Zozothemes Zegen
The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9.
network
low complexity
zozothemes CWE-862
8.8
8.8
2025-03-14 CVE-2024-11283 The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1.
network
low complexity
CWE-289
7.5
7.5
2025-03-14 CVE-2024-11284 The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.9.
network
low complexity
CWE-639
critical
 9.8
9.8
2025-03-14 CVE-2024-11285 The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1.
network
low complexity
CWE-639
critical
 9.8
9.8
2025-03-14 CVE-2024-11286 The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1.
network
low complexity
CWE-288
critical
 9.8
9.8
2025-03-14 CVE-2025-0955 The VidoRev Extensions plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'vidorev_import_single_video' AJAX action in all versions up to, and including, 2.9.9.9.9.9.5.
network
low complexity
CWE-862
5.3
5.3
2025-03-14 CVE-2025-1285 The Resido - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_api_key and save_api_key AJAX actions in all versions up to, and including, 3.6.
network
low complexity
CWE-862
5.3
5.3
2025-03-14 CVE-2025-1528 The Search & Filter Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_meta_values' function in all versions up to, and including, 2.5.19.
network
low complexity
CWE-862
4.3
4.3