Total
9643 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-13525 | 1 Wpfactory | 1 Customer Email Verification For Woocommerce | 2025-02-24 | 6.5 Medium |
| The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via Shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including emails as well as hashed passwords of any user. | ||||
| CVE-2024-13600 | 1 Majesticsupport | 1 Majestic Support | 2025-02-24 | 7.5 High |
| The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the 'majesticsupportdata' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/majesticsupportdata directory which can contain file attachments included in support tickets. | ||||
| CVE-2025-1595 | 2025-02-24 | 5.3 Medium | ||
| A vulnerability has been found in Anhui Xufan Information Technology EasyCVR up to 2.7.0 and classified as problematic. This vulnerability affects unknown code of the file /api/v1/getbaseconfig. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-22866 | 1 Redhat | 7 Acm, Apache Camel Hawtio, Ceph Storage and 4 more | 2025-02-21 | 4 Medium |
| Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols. | ||||
| CVE-2024-57716 | 2025-02-21 | 7.5 High | ||
| An issue in trenoncourt AutoQueryable v.1.7.0 allows a remote attacker to obtain sensitive information via the Unselectable function. | ||||
| CVE-2024-13609 | 1 1clickmigration | 1 1 Click Migration | 2025-02-21 | 5.9 Medium |
| The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1 via the class-ocm-backup.php. This makes it possible for unauthenticated attackers to extract sensitive data including usernames and their respective password hashes during a short window of time in which the backup is in process. | ||||
| CVE-2021-31567 | 1 Wpchill | 1 Download Monitor | 2025-02-20 | 6.8 Medium |
| Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadable_file_urls[0] parameter data. It's also possible to escape from the web server home directory and download any file within the OS. | ||||
| CVE-2022-23982 | 1 Quadlayers | 1 Perfect Brands For Woocommerce | 2025-02-20 | 4.3 Medium |
| The vulnerability discovered in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4) allows server information exposure. | ||||
| CVE-2022-23984 | 1 Gvectors | 1 Wpdiscuz | 2025-02-20 | 3.7 Low |
| Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11). | ||||
| CVE-2022-25602 | 1 Expresstech | 1 Responsive Menu | 2025-02-20 | 8.3 High |
| Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7). | ||||
| CVE-2022-27844 | 1 Wpvivid | 1 Migration\, Backup\, Staging | 2025-02-20 | 2.7 Low |
| Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging – WPvivid (WordPress plugin) versions <= 0.9.70 | ||||
| CVE-2022-27849 | 1 Plugin-planet | 1 Simple Ajax Chat | 2025-02-20 | 5.3 Medium |
| Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115 | ||||
| CVE-2022-27863 | 1 Vikwp | 1 Vikbooking Hotel Booking Engine \& Property Management System Plugin | 2025-02-20 | 5.3 Medium |
| Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to get the booking data by guessing / brute-forcing easy predictable booking IDs via search POST requests. | ||||
| CVE-2022-34867 | 1 Wp Libre Form Project | 1 Wp Libre Form | 2025-02-20 | 7.3 High |
| Unauthenticated Sensitive Information Disclosure vulnerability in WP Libre Form 2 plugin <= 2.0.8 at WordPress allows attackers to list and delete submissions. Affects only versions from 2.0.0 to 2.0.8. | ||||
| CVE-2022-40194 | 1 Cusrev | 1 Customer Reviews For Woocommerce | 2025-02-20 | 5.3 Medium |
| Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress | ||||
| CVE-2022-42883 | 1 Expresstech | 1 Quiz And Survey Master | 2025-02-20 | 5.3 Medium |
| Sensitive Information Disclosure vulnerability discovered by Quiz And Survey Master plugin <= 7.3.10 on WordPress. | ||||
| CVE-2022-41655 | 1 Algolplus | 1 Phone Orders For Woocommerce | 2025-02-20 | 4.3 Medium |
| Auth. (subscriber+) Sensitive Data Exposure vulnerability in Phone Orders for WooCommerce plugin <= 3.7.1 on WordPress. | ||||
| CVE-2022-41618 | 1 Davidlingren | 1 Media Library Assistant | 2025-02-20 | 3.7 Low |
| Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on WordPress. | ||||
| CVE-2025-24011 | 1 Umbraco | 1 Umbraco Cms | 2025-02-20 | 5.3 Medium |
| Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, it's possible to determine whether an account exists based on an analysis of response codes and timing of Umbraco management API responses. Versions 14.3.2 and 15.1.2 contain a patch. No known workarounds are available. | ||||
| CVE-2023-21067 | 1 Google | 1 Android | 2025-02-20 | 7.5 High |
| Product: AndroidVersions: Android kernelAndroid ID: A-254114726References: N/A | ||||