| 2025-03-22 | CVE-2025-1408 | Missing Authorization vulnerability in Metagauss Profilegrid
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_decline_join_group_request and pm_approve_join_group_request functions in all versions up to, and including, 5.9.4.4. | 4.3 |
| 2025-03-22 | CVE-2024-13737 | Missing Authorization vulnerability in Stylemixthemes Motors - CAR Dealer, Classifieds & Listing
The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the motors_create_template and motors_delete_template functions in all versions up to, and including, 1.4.57. | 4.3 |
| 2025-03-21 | CVE-2025-2589 | Missing Authorization vulnerability in Code-Projects Human Resource Management 1.0.1
A vulnerability was found in code-projects Human Resource Management System 1.0.1 and classified as critical. | 9.8 |
| 2025-03-20 | CVE-2025-1766 | The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'payment_complete' function in all versions up to, and including, 4.0.24. | 5.3 |
| 2025-03-19 | CVE-2024-12920 | The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the foodbakery_var_backup_file_delete, foodbakery_widget_file_delete, theme_option_save, export_widget_settings, ajax_import_widget_data, foodbakery_var_settings_backup_generate, foodbakery_var_backup_file_restore, and theme_option_rest_all functions in all versions up to, and including, 4.7. | 8.8 |
| 2025-03-19 | CVE-2024-13412 | The CozyStay theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 1.7.0. | 7.5 |
| 2025-03-19 | CVE-2024-12922 | The Altair theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check within functions.php in all versions up to, and including, 5.2.4. network low complexity CWE-862 critical | 9.8 |
| 2025-03-19 | CVE-2025-2290 | The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to Unauthenticated Post Trashing due to a missing capability check on the delete_access_plan function and the related AJAX calls in all versions up to, and including, 8.0.1. | 5.3 |
| 2025-03-18 | CVE-2025-2262 | The The Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.7.3. | 7.3 |
| 2025-03-15 | CVE-2025-2025 | Missing Authorization vulnerability in Givewp
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the give_reports_earnings() function in all versions up to, and including, 3.22.0. | 7.5 |