| 2025-01-30 | CVE-2024-12129 | Missing Authorization vulnerability in Wp-Royal-Themes Royal Core
The Royal Core plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'royal_restore_backup' function in all versions up to, and including, 2.9.2. | 8.8 |
| 2025-01-30 | CVE-2024-12269 | Missing Authorization vulnerability in Wpmessiah Safe AI Malware Protection for WP
The Safe Ai Malware Protection for WP plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db() function in all versions up to, and including, 1.0.17. | 7.5 |
| 2025-01-30 | CVE-2024-12821 | The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the upm_upload_media() function in all versions up to, and including, 3.12.0. | 8.8 |
| 2025-01-30 | CVE-2024-12822 | The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the add_capto_img() function in all versions up to, and including, 3.11.0. network low complexity CWE-862 critical | 9.8 |
| 2025-01-30 | CVE-2024-13652 | Missing Authorization vulnerability in Ecpay Ecommerce for Woocommerce
The ECPay Ecommerce for WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'clear_ecpay_debug_log' AJAX action in all versions up to, and including, 1.1.2411060. | 4.3 |
| 2025-01-30 | CVE-2024-13715 | Missing Authorization vulnerability in Ikjweb Zstore Manager Basic
The zStore Manager Basic plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the zstore_clear_cache() function in all versions up to, and including, 3.311. | 4.3 |
| 2025-01-26 | CVE-2024-11936 | Missing Authorization vulnerability in Mvpthemes ZOX News
The Zox News theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backup_options' and 'restore_options' function in all versions up to, and including, 3.16.0. | 8.8 |
| 2025-01-26 | CVE-2024-10574 | The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ays_save_google_credentials' function in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency). | 7.2 |
| 2025-01-25 | CVE-2024-13449 | Missing Authorization vulnerability in Ibsofts Boom Fest
The Boom Fest plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'bf_admin_action' function in all versions up to, and including, 2.2.1. | 4.3 |
| 2025-01-25 | CVE-2024-12113 | The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_user_review() and delete_review() functions in all versions up to, and including, 1.3.2. | 4.3 |