
CVE-2024-11284 – WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover
https://notcve.org/view.php?id=CVE-2024-11284
13 Mar 2025 — The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.9. • https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636 • CWE-639: Authorization Bypass Through User-Controlled Key •

CVE-2024-11285 – WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Email Update/Account Takeover
https://notcve.org/view.php?id=CVE-2024-11285
13 Mar 2025 — The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. • https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636 • CWE-639: Authorization Bypass Through User-Controlled Key •

CVE-2024-11286 – WP JobHunt <= 7.1 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2024-11286
13 Mar 2025 — The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. • https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •

CVE-2024-13446 – Workreap <= 3.2.5 - Unauthenticated Privilege Escalation via Account Takeover
https://notcve.org/view.php?id=CVE-2024-13446
11 Mar 2025 — The Workreap plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.2.5. • https://themeforest.net/item/workreap-freelance-marketplace-wordpress-theme/23712454 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •

CVE-2025-1661 – HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.5 - Unauthenticated Local File Inclusion
https://notcve.org/view.php?id=CVE-2025-1661
10 Mar 2025 — The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.6.5 via the 'template' parameter of the woof_text_search AJAX action. • https://github.com/gbrsh/CVE-2025-1661 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-11640 – VikRentCar Car Rental Management System <= 1.4.2 - Cross-Site Request Forgery to Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-11640
07 Mar 2025 — The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. • https://plugins.trac.wordpress.org/changeset/3225040/vikrentcar • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2024-13359 – Product Input Fields for WooCommerce <= 1.12.0 - Unauthenticated Limited File Upload
https://notcve.org/view.php?id=CVE-2024-13359
07 Mar 2025 — The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the add_product_input_fields_to_order_item_meta() function in all versions up to, and including, 1.12.1. • https://plugins.trac.wordpress.org/browser/product-input-fields-for-woocommerce/tags/-1.8.2/includes/class-alg-wc-pif-main.php • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-0177 – Javo Core <= 3.0.0.080 - Unauthenticated Privilege Escalation in ajax_signup
https://notcve.org/view.php?id=CVE-2025-0177
07 Mar 2025 — The Javo Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.0.0.080. • https://themeforest.net/item/javo-directory-wordpress-theme/8390513#item-description__update-history • CWE-269: Improper Privilege Management •

CVE-2024-11087 – miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon <= 200.3.9 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2024-11087
07 Mar 2025 — The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. • https://www.miniorange.com • CWE-287: Improper Authentication •

CVE-2025-1315 – InWave Jobs <= 3.5.1 - Unauthenticated Privilege Escalation via Password Reset
https://notcve.org/view.php?id=CVE-2025-1315
06 Mar 2025 — The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 3.5.1. • https://themeforest.net/item/injob-job-board-wordpress-theme/20322987 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •