Vulnerabilities

DATE	CVE	VULNERABILITY TITLE	RISK
2025-03-01	CVE-2025-1404	The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_sccp_reports_user_search() function in all versions up to, and including, 4.4.7. network low complexity CWE-862	5.3
2025-03-01	CVE-2024-13546	The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.1 via the 'get_image_description' function. network low complexity CWE-200	4.3
2025-03-01	CVE-2024-13611	Information Exposure vulnerability in Wordplus Better Messages The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the 'bp-better-messages' directory. network low complexity wordplus CWE-200	7.5
2025-03-01	CVE-2024-13697	Server-Side Request Forgery (SSRF) vulnerability in Wordplus Better Messages The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.4 via the 'nice_links'. network low complexity wordplus CWE-918	6.5
2025-03-01	CVE-2024-13910	The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'database_backup_ajax_delete' function in all versions up to, and including, 2.35. network low complexity CWE-22	7.2
2025-03-01	CVE-2025-1291	The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘icon’ parameter in all versions up to, and including, 3.4.9 due to insufficient input sanitization and output escaping. network low complexity CWE-79	6.4
2025-03-01	CVE-2024-12544	The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to arbitrary file deletion due to a missing capability check on the callback function of the SurveyJS_DeleteFile class in all versions up to, and including, 1.12.17. network low complexity CWE-862	8.8
2025-03-01	CVE-2024-13806	The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.6. network low complexity CWE-94	6.5
2025-03-01	CVE-2024-13911	The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35 via the /dashboard/backup.php file. network low complexity CWE-200	7.2
2025-03-01	CVE-2025-1564	The SetSail Membership plugin for WordPress is vulnerable to in all versions up to, and including, 1.0.3. network low complexity CWE-288 critical	9.8

Vulnerabilities {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities"}]}

Vulnerabilities