
CVE-2025-3918 – Job Listings 0.1 - 0.1.1 - Unauthenticated Privilege Escalation via register_action Function
https://notcve.org/view.php?id=CVE-2025-3918
02 May 2025 — The Job Listings plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the register_action() function in versions 0.1 to 0.1.1. • https://wordpress.org/plugins/job-listings/#developers • CWE-285: Improper Authorization •

CVE-2025-3746 – OTP-less one tap Sign in 2.0.14 - 2.0.59 - Unauthenticated Arbitrary Email Update to Account Takeover/Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-3746
01 May 2025 — The OTP-less one tap Sign in plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.14 to 2.0.59. • https://plugins.trac.wordpress.org/browser/otpless/tags/2.0.59./includes/class-login.php • CWE-862: Missing Authorization •

CVE-2025-1305 – NewsBlogger <= 0.2.5.4 - Cross-Site Request Forgery to Arbitrary Plugin Installation
https://notcve.org/view.php?id=CVE-2025-1305
30 Apr 2025 — The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5.4. • https://themes.trac.wordpress.org/browser/newsblogger/0.2/functions.php#L440 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2025-27007 – WordPress SureTriggers <= 1.0.82 - Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-27007
30 Apr 2025 — The OttoKit: All-in-One Automation Platform (Formerly SureTriggers) plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.82. ... WordPress OttoKit plugin versions 1.0.82 and below suffer from a privilege escalation vulnerability. • https://patchstack.com/database/wordpress/plugin/suretriggers/vulnerability/wordpress-suretriggers-1-0-82-privilege-escalation-vulnerability? • CWE-266: Incorrect Privilege Assignment CWE-862: Missing Authorization •

CVE-2025-2470 – Service Finder Bookings <= 5.1 - Unauthenticated Privilege Escalation via 'nsl_registration_store_extra_input'
https://notcve.org/view.php?id=CVE-2025-2470
24 Apr 2025 — The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. • https://themeforest.net/item/service-finder-service-and-business-listing-wordpress-theme/15208793 • CWE-266: Incorrect Privilege Assignment •

CVE-2025-3604 – Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Account Takeover
https://notcve.org/view.php?id=CVE-2025-3604
23 Apr 2025 — The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. ... WordPress Flynax Bridge plugin versions 2.2.0 and below suffer from an unauthenticated privilege escalation vulnerability. • https://packetstorm.news/files/id/190799 • CWE-862: Missing Authorization •

CVE-2025-3603 – Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Password Update
https://notcve.org/view.php?id=CVE-2025-3603
23 Apr 2025 — The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. • https://plugins.trac.wordpress.org/browser/flynax-bridge/trunk/request.php • CWE-620: Unverified Password Change •

CVE-2025-46249 – WordPress Simple calendar for Elementor <= 1.6.4 - Cross Site Request Forgery (CSRF) Vulnerability
https://notcve.org/view.php?id=CVE-2025-46249
22 Apr 2025 — The Simple calendar for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.4. • https://patchstack.com/database/wordpress/plugin/simple-calendar-for-elementor/vulnerability/wordpress-simple-calendar-for-elementor-1-6-4-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2025-46231 – WordPress affiliate-toolkit <= 3.7.3 - Cross Site Request Forgery (CSRF) Vulnerability
https://notcve.org/view.php?id=CVE-2025-46231
22 Apr 2025 — The affiliate-toolkit – WP Affiliate Plugin with Amazon plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.7.3. • https://patchstack.com/database/wordpress/plugin/affiliate-toolkit-starter/vulnerability/wordpress-affiliate-toolkit-3-7-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2025-46251 – WordPress VikRestaurants Table Reservations and Take-Away plugin <= 1.3.3 - CSRF to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2025-46251
22 Apr 2025 — The VikRestaurants Table Reservations and Take-Away plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.3. • https://patchstack.com/database/wordpress/plugin/vikrestaurants/vulnerability/wordpress-vikrestaurants-table-reservations-and-take-away-plugin-1-3-3-csrf-to-stored-xss-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •