| 2025-04-12 | CVE-2025-3282 | The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_membership_register_member() due to missing validation on the 'membership_id' user controlled key. | 5.3 |
| 2025-04-12 | CVE-2025-3292 | The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_update_profile_details() due to missing validation on the 'user_id' user controlled key. | 4.3 |
| 2025-04-08 | CVE-2025-2526 | The Streamit theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.2. | 8.8 |
| 2025-03-20 | CVE-2024-13558 | Authorization Bypass Through User-Controlled Key vulnerability in Neahplugins NP Quote Request for Woocommerce
The NP Quote Request for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.179 due to missing validation on a user controlled key. | 5.3 |
| 2025-03-15 | CVE-2025-1667 | Authorization Bypass Through User-Controlled Key vulnerability in Igexsolutions Wpschoolpress
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wpsp_UpdateTeacher() function in all versions up to, and including, 2.2.16. | 4.3 |
| 2025-03-14 | CVE-2024-13407 | Authorization Bypass Through User-Controlled Key vulnerability in Omnipressteam Omnipress
The Omnipress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.4 via the megamenu block due to insufficient restrictions on which posts can be included. | 6.5 |
| 2025-03-14 | CVE-2024-11284 | The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.9. network low complexity CWE-639 critical | 9.8 |
| 2025-03-14 | CVE-2024-11285 | The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. network low complexity CWE-639 critical | 9.8 |
| 2025-03-13 | CVE-2024-13887 | The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.14 via the 'ajax_listing_submit_image_upload' function due to missing validation on a user controlled key. | 5.3 |
| 2025-03-11 | CVE-2025-28874 | Authorization Bypass Through User-Controlled Key vulnerability in Shanebp BP Email Assign Templates
Authorization Bypass Through User-Controlled Key vulnerability in shanebp BP Email Assign Templates allows Exploiting Incorrectly Configured Access Control Security Levels. | 4.9 |