Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-02-27 CVE-2024-13402 The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link_title’ parameter in all versions up to, and including, 2.7.70 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-02-27 CVE-2024-13217 The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.11 via the 'expired_data' and 'build_content' functions.
network
low complexity
CWE-359
4.3
4.3
2025-02-27 CVE-2024-13734 The Card Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Profile Card widget in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-02-27 CVE-2025-1450 The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button, WhatsApp – Chaty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-hover’ parameter in all versions up to, and including, 3.3.5 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-02-27 CVE-2025-1282 The Car Dealer Automotive WordPress Theme – Responsive theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_post_photo() and add_car() functions in all versions up to, and including, 1.6.3.
network
low complexity
CWE-22
8.8
8.8
2025-02-27 CVE-2025-1690 The ThemeMakers Stripe Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'stripe' shortcode in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-02-27 CVE-2025-1717 The Login Me Now plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.2.
network
high complexity
CWE-288
8.1
8.1
2025-02-27 CVE-2024-13907 The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.16.8 via the 'download' function.
network
low complexity
CWE-918
4.9
4.9
2025-02-27 CVE-2025-1689 The ThemeMakers PayPal Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'paypal' shortcode in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-02-27 CVE-2024-2297 The Bricks theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.6.1.
network
high complexity
CWE-269
7.1
7.1