
CVE-2025-2232 – Realteo - Real Estate Plugin by Purethemes <= 1.2.8 - Authentication Bypass via 'do_register_user'
https://notcve.org/view.php?id=CVE-2025-2232
13 Mar 2025 — The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. • https://docs.purethemes.net/findeo/knowledge-base/changelog-findeo • CWE-269: Improper Privilege Management

CVE-2024-11284 – WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover
https://notcve.org/view.php?id=CVE-2024-11284
13 Mar 2025 — The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.9. • https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636 • CWE-639: Authorization Bypass Through User-Controlled Key

CVE-2024-11285 – WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Email Update/Account Takeover
https://notcve.org/view.php?id=CVE-2024-11285
13 Mar 2025 — The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. • https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636 • CWE-639: Authorization Bypass Through User-Controlled Key

CVE-2024-11286 – WP JobHunt <= 7.1 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2024-11286
13 Mar 2025 — The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. • https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636 • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVE-2024-13771 – Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.4 - Authentication Bypass via Password Update
https://notcve.org/view.php?id=CVE-2024-13771
13 Mar 2025 — The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. • http://localhost:1337/wp-content/themes/civi/includes/class-ajax.php#L715 • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVE-2024-13824 – CiyaShop - Multipurpose WooCommerce Theme <= 4.19.0 - Unauthenticated PHP Object Injection
https://notcve.org/view.php?id=CVE-2024-13824
13 Mar 2025 — The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.19.0 via deserialization of untrusted input in the 'add_ciyashop_wishlist' and 'ciyashop_get_compare' functions. • https://themeforest.net/item/ciyashop-responsive-multipurpose-woocommerce-wordpress-theme/22055376#item-description__changelog • CWE-502: Deserialization of Untrusted Data

CVE-2024-13913 – InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.83 - Cross-Site Request Forgery to Local File Inclusion
https://notcve.org/view.php?id=CVE-2024-13913
13 Mar 2025 — The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.0.83. • https://plugins.trac.wordpress.org/browser/instawp-connect/trunk/admin/class-instawp-admin.php#L159 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2024-13446 – Workreap <= 3.2.5 - Unauthenticated Privilege Escalation via Account Takeover
https://notcve.org/view.php?id=CVE-2024-13446
11 Mar 2025 — The Workreap plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.2.5. • https://themeforest.net/item/workreap-freelance-marketplace-wordpress-theme/23712454 • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVE-2025-1661 – HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.5 - Unauthenticated Local File Inclusion
https://notcve.org/view.php?id=CVE-2025-1661
10 Mar 2025 — The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.6.5 via the 'template' parameter of the woof_text_search AJAX action. • https://github.com/gbrsh/CVE-2025-1661 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2025-0177 – Javo Core <= 3.0.0.080 - Unauthenticated Privilege Escalation in ajax_signup
https://notcve.org/view.php?id=CVE-2025-0177
07 Mar 2025 — The Javo Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.0.0.080. • https://themeforest.net/item/javo-directory-wordpress-theme/8390513#item-description__update-history • CWE-269: Improper Privilege Management