Medium - CVE-2024-13539 - The AForms Eats plugin for WordPress is...
The AForms Eats plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.3.1. This is due the /vendor/aura/payload-interface/phpunit.php file being...
Medium - CVE-2024-13541 - The aDirectory – WordPress Directory Listing...
The aDirectory – WordPress Directory Listing Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the adqs_delete_listing() function in all...
Medium - CVE-2024-13554 - The The Ultimate WordPress Toolkit – WP...
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reorder_route() function in all...
Medium - CVE-2024-13701 - The Liveticker (by stklcode) plugin for...
The Liveticker (by stklcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'liveticker' shortcode in all versions up to, and including, 1.2.2 due...
Medium - CVE-2024-13749 - The StaffList plugin for WordPress is...
The StaffList plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. This is due to missing or incorrect nonce validation on the...
Medium - CVE-2025-0808 - The Houzez Property Feed plugin for WordPress...
The Houzez Property Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.21. This is due to missing or incorrect nonce validation on the...
Medium - CVE-2024-11746 - The Discover the Best Woocommerce Product...
The Discover the Best Woocommerce Product Brands Plugin for WordPress – Woocommerce Brands Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's...
Medium - CVE-2024-12164 - The WPSyncSheets Lite For WPForms – WPForms...
The WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the...
Critical - CVE-2024-13421 - The Real Estate 7 WordPress theme for WordPress...
The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1. This is due to the plugin not properly restricting the roles...
High - CVE-2024-13653 - The ZoxPress - The All-In-One WordPress News...
The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on...