CVE-2025-26936 |
Description: CVE-2025-26936: WordPress Fresh Framework Plugin <= 1.70.0 is vulnerable to Remote Code Execution (RCE)
CVSS: CRITICAL (10.0) EPSS Score: 0.07%
March 10th, 2025 (3 months ago)
|
CVE-2025-26936 |
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Fresh Framework allows Code Injection. This issue affects Fresh Framework: from n/a through 1.70.0.
CVSS: CRITICAL (10.0) EPSS Score: 0.07%
March 10th, 2025 (3 months ago)
|
CVE-2025-26916 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in EPC Massive Dynamic. This issue affects Massive Dynamic: from n/a through 8.2.
CVSS: CRITICAL (9.0) EPSS Score: 0.14% SSVC Exploitation: none
March 10th, 2025 (3 months ago)
|
CVE-2025-0177 |
Description: The Javo Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.0.0.080. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.
CVSS: CRITICAL (9.8) EPSS Score: 0.06%
March 8th, 2025 (3 months ago)
|
CVE-2025-1315 |
Description: The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 3.5.1. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
CVSS: CRITICAL (9.8) EPSS Score: 0.06%
March 7th, 2025 (3 months ago)
|
CVE-2024-12876 |
Description: The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.10. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
CVSS: CRITICAL (9.8) EPSS Score: 0.06%
March 7th, 2025 (3 months ago)
|
CVE-2025-1475 |
Description: The WPCOM Member plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.5. This is due to insufficient verification on the 'user_phone' parameter when logging in. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if SMS login is enabled.
CVSS: CRITICAL (9.8) EPSS Score: 0.16%
March 7th, 2025 (3 months ago)
|
CVE-2024-12281 |
Description: The Homey theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.2. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the Editor or Shop Manager role.
CVSS: CRITICAL (9.8) EPSS Score: 0.06%
March 5th, 2025 (3 months ago)
|
CVE-2024-11951 |
Description: The Homey Login Register plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.0. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.
CVSS: CRITICAL (9.8) EPSS Score: 0.06%
March 5th, 2025 (3 months ago)
|
CVE-2025-1515 |
Description: The WP Real Estate Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.8. This is due to insufficient identity verification on the LinkedIn login request process. This makes it possible for unauthenticated attackers to bypass official authentication and log in as any user on the site, including administrators.
CVSS: CRITICAL (9.8) EPSS Score: 0.15%
March 5th, 2025 (3 months ago)
|