| 2025-02-11 | CVE-2024-13643 | The Zox News - Professional WordPress News & Magazine Theme plugin for WordPress is vulnerable to unauthorized data modification. | 8.8 |
| 2025-02-11 | CVE-2025-23189 | Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an authenticated attacker could generate technical meta-data. | 4.3 |
| 2025-02-11 | CVE-2025-23190 | Due to missing authorization check, an authenticated attacker could call a remote-enabled function module which allows them to access data that they would otherwise not have access to. | 4.3 |
| 2025-02-07 | CVE-2025-25167 | Missing Authorization vulnerability in Blackandwhitedigital Bookpress 1.2.7
Missing Authorization vulnerability in blackandwhitedigital BookPress – For Book Authors allows Exploiting Incorrectly Configured Access Control Security Levels. | 9.8 |
| 2025-02-07 | CVE-2025-1084 | A vulnerability, which was classified as problematic, has been found in Mindskip xzs-mysql ????????? 3.9.0. | 4.3 |
| 2025-02-06 | CVE-2025-1074 | A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. | 4.3 |
| 2025-02-04 | CVE-2024-13529 | The SocialV - Social Network and Community BuddyPress Theme theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'socialv_send_download_file' function in all versions up to, and including, 2.0.15. | 6.5 |
| 2025-02-03 | CVE-2024-11133 | Missing Authorization vulnerability in Imithemes Eventer
The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handle_pdf_download_request' function in all versions up to, and including, 3.9.9. | 5.3 |
| 2025-02-03 | CVE-2024-11134 | Missing Authorization vulnerability in Imithemes Eventer
The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'eventer_export_bookings_csv' function in all versions up to, and including, 3.9.9. | 6.5 |
| 2025-02-01 | CVE-2024-13775 | Missing Authorization vulnerability in Vanquish Woocommerce Support Ticket System
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to unauthorized access and loss of data due to missing capability checks on the 'ajax_delete_message', 'ajax_get_customers_partial_list', and 'ajax_get_admins_list' functions in all versions up to, and including, 17.8. | 5.4 |