| 2025-03-08 | CVE-2025-1325 | Missing Authorization vulnerability in Plechevandrey Wp-Recall
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to arbitrary shortcode execution due to a missing capability check on the 'rcl_preview_post' AJAX endpoint in all versions up to, and including, 16.26.10. | 6.3 |
| 2025-03-08 | CVE-2024-13816 | Missing Authorization vulnerability in Coderevolution Aiomatic
The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 2.3.6. | 5.4 |
| 2025-03-08 | CVE-2025-1481 | Missing Authorization vulnerability in Jozoor Shortcode Cleaner Lite
The Shortcode Cleaner Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_backup() function in all versions up to, and including, 1.0.9. | 4.3 |
| 2025-03-08 | CVE-2025-1504 | Missing Authorization vulnerability in Andypalmer Post Lockdown
The Post Lockdown plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.0.2 via the 'pl_autocomplete' AJAX action due to insufficient restrictions on which posts can be included. | 6.5 |
| 2025-03-07 | CVE-2024-12610 | The School Management System for Wordpress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'mj_smgt_remove_feetype' and 'mj_smgt_remove_category_new' AJAX actions in all versions up to, and including, 93.0.0. | 5.3 |
| 2025-03-07 | CVE-2024-12611 | The School Management System for Wordpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 93.0.0 due to insufficient input sanitization and output escaping. | 5.3 |
| 2025-03-07 | CVE-2024-12876 | Missing Authorization vulnerability in Uxper Golo
The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.10. | 9.8 |
| 2025-03-07 | CVE-2025-1309 | The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the uip_save_form_as_option() function in all versions up to, and including, 3.5.04. | 8.8 |
| 2025-03-07 | CVE-2024-13655 | The Flex Mag - Responsive WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanel_of_ajax_callback() function in all versions up to, and including, 3.5.2. | 8.1 |
| 2025-03-07 | CVE-2024-13526 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the export_submittion_attendees function in all versions up to, and including, 4.0.7.3. | 4.3 |