| 2025-03-01 | CVE-2025-1638 | The Alloggio Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.2. network low complexity CWE-288 critical | 9.8 |
| 2025-03-01 | CVE-2025-1671 | The Academist Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.6. network low complexity CWE-288 critical | 9.8 |
| 2025-02-28 | CVE-2025-0159 | IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request. network low complexity CWE-288 critical | 9.1 |
| 2025-02-27 | CVE-2025-1717 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Pluginly Login ME NOW
The Login Me Now plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.2. | 8.1 |
| 2025-02-13 | CVE-2024-13182 | The WP Directorybox Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.5. network low complexity CWE-288 critical | 9.8 |
| 2025-02-11 | CVE-2025-24472 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Fortinet Fortios and Fortiproxy
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote attacker to gain super-admin privileges via crafted CSF proxy requests. | 9.8 |
| 2025-02-11 | CVE-2025-0181 | The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.7. network low complexity CWE-288 critical | 9.8 |
| 2025-02-08 | CVE-2025-0316 | The WP Directorybox Manager plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.5. network low complexity CWE-288 critical | 9.8 |
| 2025-02-07 | CVE-2025-1061 | The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. network low complexity CWE-288 critical | 9.8 |
| 2025-01-07 | CVE-2024-12402 | The Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.4. network low complexity CWE-288 critical | 9.8 |