| 2025-01-14 | CVE-2024-12919 | Unspecified vulnerability in Cozmoslabs Membership & Content Restriction - Paid Member Subscriptions
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.13.7. | 9.8 |
| 2025-01-14 | CVE-2024-11734 | A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. | 6.5 |
| 2025-01-14 | CVE-2024-11736 | A vulnerability was found in Keycloak. | 4.9 |
| 2025-01-14 | CVE-2024-13156 | The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘heading’ parameter in all versions up to, and including, 2.5.35 due to insufficient input sanitization and output escaping. | 6.4 |
| 2025-01-14 | CVE-2025-0393 | Cross-Site Request Forgery (CSRF) vulnerability in Royal-Elementor-Addons Royal Elementor Addons
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1006. | 6.1 |
| 2025-01-14 | CVE-2025-0394 | The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gh_big_file_upload() function in all versions up to, and including, 3.7.3.5. | 8.8 |
| 2025-01-14 | CVE-2024-12006 | Missing Authorization vulnerability in Boldgrid W3 Total Cache
The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1. | 5.3 |
| 2025-01-14 | CVE-2024-12008 | Unspecified vulnerability in Boldgrid W3 Total Cache
The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. | 7.5 |
| 2025-01-14 | CVE-2024-12365 | Missing Authorization vulnerability in Boldgrid W3 Total Cache
The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versions up to, and including, 2.8.1. | 8.5 |
| 2025-01-14 | CVE-2024-13323 | The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'booking' shortcode in all versions up to, and including, 10.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |