| 2025-03-14 | CVE-2025-2103 | Missing Authorization vulnerability in Irontemplates Soundrise
The SoundRise Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on theironMusic_ajax() function in all versions up to, and including, 1.6.11. | 8.8 |
| 2025-03-14 | CVE-2025-2289 | Missing Authorization vulnerability in Zozothemes Zegen
The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9. | 8.8 |
| 2025-03-14 | CVE-2025-0955 | The VidoRev Extensions plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'vidorev_import_single_video' AJAX action in all versions up to, and including, 2.9.9.9.9.9.5. | 5.3 |
| 2025-03-14 | CVE-2025-1285 | The Resido - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_api_key and save_api_key AJAX actions in all versions up to, and including, 3.6. | 5.3 |
| 2025-03-14 | CVE-2025-1528 | The Search & Filter Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_meta_values' function in all versions up to, and including, 2.5.19. | 4.3 |
| 2025-03-13 | CVE-2025-24974 | Missing Authorization vulnerability in Dataease
DataEase is an open source business intelligence and data visualization tool. | 6.5 |
| 2025-03-13 | CVE-2025-2104 | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayer_save_content() function in all versions up to, and including, 1.9.8. | 4.3 |
| 2025-03-13 | CVE-2024-13703 | The CRM and Lead Management by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae() function in all versions up to, and including, 2.7.1. | 4.3 |
| 2025-03-12 | CVE-2025-1508 | Missing Authorization vulnerability in Themeum WP Crowdfunding
The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_data action in all versions up to, and including, 2.1.13. | 5.3 |
| 2025-03-11 | CVE-2025-28872 | Missing Authorization vulnerability in Jwpegram Block Spam BY Math Reloaded
Missing Authorization vulnerability in jwpegram Block Spam By Math Reloaded allows Accessing Functionality Not Properly Constrained by ACLs. | 9.8 |