| 2025-01-11 | CVE-2024-12472 | The Post Duplicator plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the mtphr_duplicate_post() due to insufficient restrictions on which posts can be duplicated. | 5.3 |
| 2025-01-09 | CVE-2024-10215 | The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. network low complexity CWE-639 critical | 9.8 |
| 2025-01-07 | CVE-2024-12131 | Authorization Bypass Through User-Controlled Key vulnerability in Wpjobportal WP JOB Portal
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.5 due to missing validation on a user controlled key. | 4.3 |
| 2025-01-03 | CVE-2024-12132 | Authorization Bypass Through User-Controlled Key vulnerability in Wpjobportal WP JOB Portal
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.4 due to missing validation on a user controlled key. | 4.3 |
| 2024-12-31 | CVE-2024-13040 | The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key vulnerability. | 8.8 |
| 2024-12-25 | CVE-2024-12335 | Authorization Bypass Through User-Controlled Key vulnerability in Theme-Fusion Avada Builder 3.11.11/3.11.12
The Avada (Fusion) Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.11.12 via the handle_clone_post() function and the 'fusion_blog' shortcode and due to insufficient restrictions on which posts can be included. | 4.3 |
| 2024-12-24 | CVE-2024-12103 | The Content No Cache: prevent specific content from being cached plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.1.2 via the eos_dyn_get_content action due to insufficient restrictions on which posts can be included. | 5.3 |
| 2024-12-21 | CVE-2024-10797 | The Full Screen Menu for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.7 via the Full Screen Menu Elementor Widget due to insufficient restrictions on which posts can be included. | 4.3 |
| 2024-12-18 | CVE-2024-12061 | The Events Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.3 via the naevents_elementor_template shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
| 2024-12-17 | CVE-2024-9819 | Authorization Bypass Through User-Controlled Key vulnerability in NextGeography NG Analyser allows Functionality Misuse.This issue affects NG Analyser: before 2.2.711. | 6.5 |