| 2025-03-04 | CVE-2025-1307 | Missing Authorization vulnerability in Spicethemes Newscrunch
The Newscrunch theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the newscrunch_install_and_activate_plugin() function in all versions up to, and including, 1.8.4.1. | 9.8 |
| 2025-03-04 | CVE-2024-13686 | The VW Storefront theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vw_storefront_reset_all_settings() function in all versions up to, and including, 0.9.9. | 4.3 |
| 2025-03-04 | CVE-2025-1639 | Missing Authorization vulnerability in Crowdytheme Arolax
The Animation Addons for Elementor Pro plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the install_elementor_plugin_handler() function in all versions up to, and including, 1.6. | 8.8 |
| 2025-03-03 | CVE-2025-24654 | Missing Authorization vulnerability in Squirrly SEO Plugin BY Squirrly SEO
Missing Authorization vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.4.05. | 8.8 |
| 2025-03-01 | CVE-2025-1404 | The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_sccp_reports_user_search() function in all versions up to, and including, 4.4.7. | 5.3 |
| 2025-03-01 | CVE-2024-12544 | The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to arbitrary file deletion due to a missing capability check on the callback function of the SurveyJS_DeleteFile class in all versions up to, and including, 1.12.17. | 8.8 |
| 2025-03-01 | CVE-2025-1502 | The IP2Location Redirection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'download_ip2location_redirection_backup' AJAX action in all versions up to, and including, 1.33.3. | 5.3 |
| 2025-03-01 | CVE-2024-13746 | The Booking Calendar and Notification plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on the wpcb_all_bookings(), wpcb_update_booking_post(), and wpcb_delete_posts() functions in all versions up to, and including, 4.0.3. | 6.5 |
| 2025-03-01 | CVE-2024-13358 | The BuddyPress WooCommerce My Account Integration. | 4.3 |
| 2025-03-01 | CVE-2025-1780 | The BuddyPress WooCommerce My Account Integration. | 4.3 |