| 2025-01-08 | CVE-2024-11423 | The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. | 7.5 |
| 2025-01-08 | CVE-2024-12712 | The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the webhook function in all versions up to, and including, 5.7.8. | 5.3 |
| 2025-01-08 | CVE-2024-12855 | The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like 'sb_remove_ad' in all versions up to, and including, 5.1.7. | 4.3 |
| 2025-01-08 | CVE-2024-11270 | Missing Authorization vulnerability in Webinarpress
The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the 'sync-import-imgs' function and missing file type validation in all versions up to, and including, 1.33.24. | 8.8 |
| 2025-01-08 | CVE-2024-11271 | Missing Authorization vulnerability in Webinarpress
The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to modification of data due to a missing capability check on several functions in all versions up to, and including, 1.33.24. | 4.3 |
| 2025-01-08 | CVE-2024-11816 | Missing Authorization vulnerability in Wpextended Ultimate Wordpress Toolkit
The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Remote Code Execution in version 3.0.11. | 8.8 |
| 2025-01-08 | CVE-2024-12713 | The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handle_export_form() function due to a missing capability check. | 5.3 |
| 2025-01-07 | CVE-2024-12033 | Missing Authorization vulnerability in Artbees Jupiter X Core
The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sync_libraries() function in all versions up to, and including, 4.8.5. | 4.3 |
| 2025-01-07 | CVE-2024-12316 | Missing Authorization vulnerability in Artbees Jupiter X Core
The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_popup_action() function in all versions up to, and including, 4.8.5. | 5.3 |
| 2025-01-07 | CVE-2024-12711 | The RSVP and Event Management plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX functions like bulk_delete_attendees() and bulk_delete_questions() in all versions up to, and including, 2.7.13. | 5.3 |