Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-02-13 CVE-2024-13639 Missing Authorization vulnerability in Edmonsoft Read More & Accordion
The Read More & Accordion plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the expmDeleteData() function in all versions up to, and including, 3.4.2.
network
low complexity
edmonsoft CWE-862
4.3
4.3
2025-02-13 CVE-2024-13345 The Avada Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.11.13.
network
low complexity
CWE-94
7.3
7.3
2025-02-13 CVE-2024-13346 The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13.
network
low complexity
CWE-94
7.3
7.3
2025-02-13 CVE-2025-0661 The DethemeKit For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the duplicate_post() function due to insufficient restrictions on which posts can be duplicated.
network
low complexity
CWE-639
4.3
4.3
2025-02-13 CVE-2024-10763 The Campress theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.35 via the 'campress_woocommerce_get_ajax_products' function.
network
low complexity
CWE-22
critical
 9.8
9.8
2025-02-13 CVE-2024-13227 The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Rank Math API in all versions up to, and including, 1.0.235 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-02-13 CVE-2024-13229 The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the update_metadata() function in all versions up to, and including, 1.0.235.
network
low complexity
CWE-284
4.3
4.3
2025-02-13 CVE-2024-13770 The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2.4 via deserialization of untrusted input 'view_more_posts' AJAX action.
network
high complexity
CWE-502
8.1
8.1
2025-02-13 CVE-2025-0837 The Puzzles theme for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.2.4 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-02-13 CVE-2024-13644 The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's De Gallery widget in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4