2025-03-03 | CVE-2025-24654 | Missing Authorization vulnerability in Squirrly SEO Plugin BY Squirrly SEO Missing Authorization vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.4.05. | 8.8 |
2025-03-01 | CVE-2025-1404 | The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_sccp_reports_user_search() function in all versions up to, and including, 4.4.7. | 5.3 |
2025-03-01 | CVE-2024-12544 | The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to arbitrary file deletion due to a missing capability check on the callback function of the SurveyJS_DeleteFile class in all versions up to, and including, 1.12.17. | 8.8 |
2025-03-01 | CVE-2025-1502 | The IP2Location Redirection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'download_ip2location_redirection_backup' AJAX action in all versions up to, and including, 1.33.3. | 5.3 |
2025-03-01 | CVE-2024-13746 | The Booking Calendar and Notification plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on the wpcb_all_bookings(), wpcb_update_booking_post(), and wpcb_delete_posts() functions in all versions up to, and including, 4.0.3. | 6.5 |
2025-03-01 | CVE-2024-13358 | The BuddyPress WooCommerce My Account Integration. | 4.3 |
2025-03-01 | CVE-2025-1780 | The BuddyPress WooCommerce My Account Integration. | 4.3 |
2025-02-28 | CVE-2024-10860 | Missing Authorization vulnerability in Xlplugins Nextmove The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to unauthorized submission of data due to a missing capability check on the _submit_uninstall_reason_action() function in all versions up to, and including, 2.19.0. | 4.3 |
2025-02-28 | CVE-2024-13716 | Missing Authorization vulnerability in Tarbor Forex Calculators The Forex Calculators plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_settings_callback() function in all versions up to, and including, 1.3.5. | 4.3 |
2025-02-28 | CVE-2024-9195 | Missing Authorization vulnerability in Whmpress Whmcs Client Area 4.3 The WHMPress - WHMCS Client Area plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the update_settings case in the /admin/ajax.php file in all versions up to, and including, 4.3-revision-3. | 8.8 |