Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-03-01 CVE-2024-13546 The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.1 via the 'get_image_description' function.
network
low complexity
CWE-200
4.3
4.3
2025-03-01 CVE-2024-13611 The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the 'bp-better-messages' directory.
network
low complexity
CWE-200
7.5
7.5
2025-03-01 CVE-2024-13697 The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.4 via the 'nice_links'.
network
high complexity
CWE-918
4.8
4.8
2025-03-01 CVE-2024-13910 The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'database_backup_ajax_delete' function in all versions up to, and including, 2.35.
network
low complexity
CWE-22
7.2
7.2
2025-03-01 CVE-2025-1291 The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘icon’ parameter in all versions up to, and including, 3.4.9 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-03-01 CVE-2024-12544 The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to arbitrary file deletion due to a missing capability check on the callback function of the SurveyJS_DeleteFile class in all versions up to, and including, 1.12.17.
network
low complexity
CWE-862
8.8
8.8
2025-03-01 CVE-2024-13806 The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.6.
network
low complexity
CWE-94
6.5
6.5
2025-03-01 CVE-2024-13911 The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35 via the /dashboard/backup.php file.
network
low complexity
CWE-200
7.2
7.2
2025-03-01 CVE-2025-1564 The SetSail Membership plugin for WordPress is vulnerable to in all versions up to, and including, 1.0.3.
network
low complexity
CWE-288
critical
 9.8
9.8
2025-03-01 CVE-2025-1638 The Alloggio Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.2.
network
low complexity
CWE-288
critical
 9.8
9.8