CVE Alert: CVE-2024-5667
Vulnerability Summary: CVE-2024-5667 Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Featherlight.js JavaScript library...
CVE
CVE Alert: CVE-2024-13815
Vulnerability Summary: CVE-2024-13815 The The Listingo theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to,...
CVE Alert: CVE-2024-13809
Vulnerability Summary: CVE-2024-13809 The Hero Slider - WordPress Slider Plugin plugin for WordPress is vulnerable to SQL Injection via several...
CVE Alert: CVE-2024-13810
Vulnerability Summary: CVE-2024-13810 The Zass - WooCommerce Theme for Handmade Artists and Artisans theme for WordPress is vulnerable to unauthorized...
CVE Alert: CVE-2025-0956
Vulnerability Summary: CVE-2025-0956 The WooCommerce Recover Abandoned Cart plugin for WordPress is vulnerable to PHP Object Injection in all versions...
CVE Alert: CVE-2025-25015
Vulnerability Summary: CVE-2025-25015 Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted...
CVE Alert: CVE-2025-1515
Vulnerability Summary: CVE-2025-1515 The WP Real Estate Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up...
CVE Alert: CVE-2025-0954
Vulnerability Summary: CVE-2025-0954 The WP Online Contract plugin for WordPress is vulnerable to unauthorized access due to a missing capability...
CVE Alert: CVE-2024-11153
Vulnerability Summary: CVE-2024-11153 The Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin...
CVE Alert: CVE-2024-12650
Vulnerability Summary: CVE-2024-12650 An attacker with low privileges can manipulate the requested memory size, causing the application to use an...
CVE Alert: CVE-2025-1702
Vulnerability Summary: CVE-2025-1702 The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for...
CVE Alert: CVE-2024-12281
Vulnerability Summary: CVE-2024-12281 The Homey theme for WordPress is vulnerable to privilege escalation in all versions up to, and including,...
CVE Alert: CVE-2024-11951
Vulnerability Summary: CVE-2024-11951 The Homey Login Register plugin for WordPress is vulnerable to privilege escalation in all versions up to,...
CVE Alert: CVE-2024-13423
Vulnerability Summary: CVE-2024-13423 The Sparkling theme for WordPress is vulnerable to unauthorized plugin activation/deactivation due to a missing capability check...
CVE Alert: CVE-2024-13147
Vulnerability Summary: CVE-2024-13147 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Merkur Software B2B...
CVE Alert: CVE-2024-12097
Vulnerability Summary: CVE-2024-12097 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Boceksoft Informatics E-Travel...
CVE Alert: CVE-2024-11216
Vulnerability Summary: CVE-2024-11216 Authorization Bypass Through User-Controlled Key, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in PozitifIK...
CVE Alert: CVE-2024-13471
Vulnerability Summary: CVE-2024-13471 The DesignThemes Core Features plugin for WordPress is vulnerable to unauthorized access of data due to a...
CVE Alert: CVE-2025-1463
Vulnerability Summary: CVE-2025-1463 The Spreadsheet Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to,...
CVE Alert: CVE-2025-23416
Vulnerability Summary: CVE-2025-23416 Path traversal may lead to arbitrary file deletion. The score without least privilege principle violation is as...
CVE Alert: CVE-2025-21095
Vulnerability Summary: CVE-2025-21095 Path traversal may lead to arbitrary file download. The score without least privilege principle violation is as...
CVE Alert: CVE-2023-38693
Vulnerability Summary: CVE-2023-38693 Lucee Server (or simply Lucee) is a dynamic, Java based, tag and scripting language used for rapid...
CVE Alert: CVE-2025-24494
Vulnerability Summary: CVE-2025-24494 Path traversal may allow remote code execution using privileged account (requires device admin account, cannot be performed...
CVE Alert: CVE-2025-22212
Vulnerability Summary: CVE-2025-22212 A SQL injection vulnerability in the ConvertForms component versions 1.0.0-1.0.0 - 4.4.9 for Joomla allows authenticated attackers...
