CVE-2025-26793 – Hirsch Enterphone MESH Default Credentials Remote Authentication Bypass
The following table lists the changes that have been made to the CVE-2025-26793 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics. New CVE Received by [email protected] Feb. 15, 2025 Action […]
CVE-2024-13834 – WordPress Responsive Plus – Server-Side Request Forgery Vulnerability
CVE ID: CVE-2024-13834
Published: Feb. 15, 2025, 3:15 p.m. | 1 hour, 35 minutes ago
Description: The Responsive Plus – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.4 via the ‘remote_request’ function. This makes it […]
CVE-2025-0822 – Bit Assist for WordPress Path Traversal
CVE ID: CVE-2025-0822
Published: Feb. 15, 2025, 1:15 p.m. | 1 hour, 31 minutes ago
Description: Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents […]
CVE-2024-13500 – WordPress WP Project Manager SQL Injection
CVE ID: CVE-2024-13500
Published: Feb. 15, 2025, 12:15 p.m. | 31 minutes ago
Description: The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.6.17 due […]
CVE-2024-13488 – Estes LTL Freight Quotes WordPress SQL Injection
CVE ID: CVE-2024-13488
Published: Feb. 15, 2025, 12:15 p.m. | 31 minutes ago
Description: The LTL Freight Quotes – Estes Edition plugin for WordPress is vulnerable to SQL Injection via the ‘dropship_edit_id’ and ‘edit_id’ parameters in all versions up to, and including, 3.3.7 due to insufficient escaping on the user supplied parameter and […]
CVE-2024-13439 – WordPress Team Members Showcase Plugin Authentication Bypass
CVE ID: CVE-2024-13439
Published: Feb. 15, 2025, 12:15 p.m. | 31 minutes ago
Description: The Team – Team Members Showcase Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all versions up to, and including, 4.4.9. This makes it possible for authenticated […]
CVE-2024-10581 – WordPress DirectoryPress Frontend CSRF
CVE ID: CVE-2024-10581
Published: Feb. 15, 2025, 12:15 p.m. | 31 minutes ago
Description: The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfl_listingStatusChange() function. This makes it possible for unauthenticated […]
CVE-2024-13752 – WordPress Project Manager Unauthenticated Data Disclosure and Denial of Service Vulnerability
CVE ID: CVE-2024-13752
Published: Feb. 15, 2025, 10:15 a.m. | 31 minutes ago
Description: The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check in the ‘/pm/v2/settings/notice’ endpoint in all versions […]
CVE-2025-1005 – ElementsKit Elementor Addons WordPress Stored Cross-Site Scripting Vulnerability
CVE ID: CVE-2025-1005
Published: Feb. 15, 2025, 10:15 a.m. | 31 minutes ago
Description: The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Image Accordion widget in all versions up to, and including, 3.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. […]
CVE-2024-12562 – WordPress s2Member Pro PHP Object Injection
CVE ID: CVE-2024-12562
Published: Feb. 15, 2025, 10:15 a.m. | 31 minutes ago
Description: The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the ‘s2member_pro_remote_op’ vulnerable parameter. This makes it possible for unauthenticated attackers to inject […]