Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-03-01 CVE-2025-1671 The Academist Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.6.
network
low complexity
CWE-288
critical
 9.8
9.8
2025-03-01 CVE-2024-12824 The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.2.
network
low complexity
CWE-620
critical
 9.8
9.8
2025-03-01 CVE-2024-13373 The Exertio Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.1.
network
high complexity
CWE-620
8.1
8.1
2025-03-01 CVE-2025-1459 The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Embedded Video(PB) widget in all versions up to, and including, 2.31.4 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-03-01 CVE-2025-1502 The IP2Location Redirection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'download_ip2location_redirection_backup' AJAX action in all versions up to, and including, 1.33.3.
network
low complexity
CWE-862
5.3
5.3
2025-03-01 CVE-2025-1730 The Simple Download Counter plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.0 via the 'simple_download_counter_download_handler'.
network
low complexity
CWE-73
6.5
6.5
2025-03-01 CVE-2024-13901 The Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping.
network
high complexity
CWE-79
4.4
4.4
2025-03-01 CVE-2024-13518 The Simple:Press Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.10.11.
network
low complexity
CWE-352
4.3
4.3
2025-03-01 CVE-2024-13559 The TemplatesNext ToolKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tx_woo_wishlist_table' shortcode in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-03-01 CVE-2024-13568 The Fluent Support – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.5 via the 'fluent-support' directory.
network
low complexity
CWE-200
7.5
7.5