| 2025-03-26 | CVE-2024-13801 | The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'baf_set_notice_status' AJAX action in all versions up to, and including, 2.1.4. | 8.1 |
| 2025-03-26 | CVE-2025-2276 | The Ultimate Dashboard – Custom WordPress Dashboard plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_module_actions function in all versions up to, and including, 3.8.7. | 4.3 |
| 2025-03-25 | CVE-2025-2224 | The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'parse_query' function in all versions up to, and including, 8.2. | 5.3 |
| 2025-03-22 | CVE-2025-1408 | Missing Authorization vulnerability in Metagauss Profilegrid
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_decline_join_group_request and pm_approve_join_group_request functions in all versions up to, and including, 5.9.4.4. | 4.3 |
| 2025-03-22 | CVE-2024-13737 | Missing Authorization vulnerability in Stylemixthemes Motors - CAR Dealer, Classifieds & Listing
The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the motors_create_template and motors_delete_template functions in all versions up to, and including, 1.4.57. | 4.3 |
| 2025-03-21 | CVE-2025-2589 | Missing Authorization vulnerability in Code-Projects Human Resource Management 1.0.1
A vulnerability was found in code-projects Human Resource Management System 1.0.1 and classified as critical. | 9.8 |
| 2025-03-20 | CVE-2025-1766 | The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'payment_complete' function in all versions up to, and including, 4.0.24. | 5.3 |
| 2025-03-19 | CVE-2024-12920 | The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the foodbakery_var_backup_file_delete, foodbakery_widget_file_delete, theme_option_save, export_widget_settings, ajax_import_widget_data, foodbakery_var_settings_backup_generate, foodbakery_var_backup_file_restore, and theme_option_rest_all functions in all versions up to, and including, 4.7. | 8.8 |
| 2025-03-19 | CVE-2024-13412 | The CozyStay theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 1.7.0. | 7.5 |
| 2025-03-19 | CVE-2024-12922 | The Altair theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check within functions.php in all versions up to, and including, 5.2.4. network low complexity CWE-862 critical | 9.8 |