| 2025-03-14 | CVE-2024-11286 | The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. network low complexity CWE-288 critical | 9.8 |
| 2025-03-12 | CVE-2024-13446 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Amentotech Workreap
The Workreap plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.2.5. | 9.8 |
| 2025-03-07 | CVE-2024-9658 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Dasinfomedia School Management System
The School Management System for Wordpress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 93.0.0. | 8.8 |
| 2025-03-07 | CVE-2025-1315 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Sfwebservice Injob
The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 3.5.1. | 9.8 |
| 2025-03-07 | CVE-2025-0749 | The Homey theme for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.3. | 8.1 |
| 2025-03-05 | CVE-2025-1515 | The WP Real Estate Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.8. network low complexity CWE-288 critical | 9.8 |
| 2025-03-01 | CVE-2025-1564 | The SetSail Membership plugin for WordPress is vulnerable to in all versions up to, and including, 1.0.3. network low complexity CWE-288 critical | 9.8 |
| 2025-03-01 | CVE-2025-1638 | The Alloggio Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.2. network low complexity CWE-288 critical | 9.8 |
| 2025-03-01 | CVE-2025-1671 | The Academist Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.6. network low complexity CWE-288 critical | 9.8 |
| 2025-02-28 | CVE-2025-0159 | IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request. network low complexity CWE-288 critical | 9.1 |