Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-12 | CVE-2024-13653 | Missing Authorization vulnerability in Mvpthemes Zoxpress The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backup_options' function in all versions up to, and including, 2.12.0. | 8.8 |
| 2025-02-12 | CVE-2024-13654 | Missing Authorization vulnerability in Mvpthemes Zoxpress The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'reset_options' function in all versions up to, and including, 2.12.0. | 8.1 |
| 2025-02-12 | CVE-2024-13656 | Missing Authorization vulnerability in Mvpthemes Click MAG The Click Mag - Viral WordPress News Magazine/Blog Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanel_of_ajax_callback() function in all versions up to, and including, 3.6.0. | 8.1 |
| 2025-02-12 | CVE-2024-13658 | Cross-site Scripting vulnerability in Wpo-Hr NGG Smart Image Search The NGG Smart Image Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hr_SIS_nextgen_searchbox' shortcode in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-12 | CVE-2024-13665 | Cross-site Scripting vulnerability in Sktthemes Admire Extra The Admire Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'space' shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-12 | CVE-2024-13769 | Cross-site Scripting vulnerability in Themerex Puzzles The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the 'theme_options_ajax_post_action' AJAX action in all versions up to, and including, 4.2.4. | 5.4 |
| 2025-02-12 | CVE-2024-13800 | Missing Authorization vulnerability in Convertplug Convertplus The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cp_dismiss_notice' AJAX endpoint in all versions up to, and including, 3.5.30. | 8.1 |
| 2025-02-12 | CVE-2024-13539 | Information Exposure Through an Error Message vulnerability in Vividcolorsjp Aforms Eats The AForms Eats plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.3.1. | 5.3 |
| 2025-02-12 | CVE-2024-13541 | Missing Authorization vulnerability in Adirectory The aDirectory – WordPress Directory Listing Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the adqs_delete_listing() function in all versions up to, and including, 2.3. | 5.4 |
| 2025-02-12 | CVE-2024-13554 | Missing Authorization vulnerability in Wpextended WP Extended The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reorder_route() function in all versions up to, and including, 3.0.13. | 5.3 |