Medium - CVE-2024-11153 - The Content Control – The Ultimate Content...
The Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
Critical - CVE-2024-11951 - The Homey Login Register plugin for WordPress...
The Homey Login Register plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.0. This is due to the plugin allowing users who are registering new...
Critical - CVE-2024-12281 - The Homey theme for WordPress is vulnerable to...
The Homey theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.2. This is due to the plugin allowing users who are registering new accounts to set...
Medium - CVE-2024-12650 - An attacker with low privileges can manipulate...
An attacker with low privileges can manipulate the requested memory size, causing the application to use an invalid memory area. This could lead to a crash of the application but it does not...
Medium - CVE-2024-13423 - The Sparkling theme for WordPress is vulnerable...
The Sparkling theme for WordPress is vulnerable to unauthorized plugin activation/deactivation due to a missing capability check on the 'sparkling_activate_plugin' and...
High - CVE-2024-13471 - The DesignThemes Core Features plugin for...
The DesignThemes Core Features plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dt_process_imported_file function in all versions up to,...
Medium - CVE-2025-1463 - The Spreadsheet Integration plugin for...
The Spreadsheet Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.2. This is due to improper nonce validation within the...
High - CVE-2025-1702 - The Ultimate Member – User Profile,...
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the...
High - CVE-2024-11216 - Authorization Bypass Through User-Controlled...
Authorization Bypass Through User-Controlled Key, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in PozitifIK Pik Online allows Account Footprinting, Session...
Critical - CVE-2024-12097 - Improper Neutralization of Special Elements...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Boceksoft Informatics E-Travel allows SQL Injection.This issue affects E-Travel:...