CVE-2025-25477 – SysPass Host Header Injection Vulnerability
The following table lists the changes that have been made to the CVE-2025-25477 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics. New CVE Received by [email protected] Feb. 28, 2025 Action […]
CVE-2025-1687 – Cardealer WordPress Cross-Site Request Forgery Vulnerability
CVE ID: CVE-2025-1687
Published: Feb. 28, 2025, 12:15 a.m. | 1 hour, 30 minutes ago
Description: The Cardealer theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.4. This is due to missing nonce validation on the ‘update_user_profile’ function. This makes it possible for unauthenticated attackers to update […]
CVE-2025-1682 – Cardealer WordPress Privilege Escalation Vulnerability
CVE ID: CVE-2025-1682
Published: Feb. 28, 2025, 12:15 a.m. | 1 hour, 30 minutes ago
Description: The Cardealer theme for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.4 due to a missing capability check on the ‘save_settings’ function. This makes it possible for authenticated attackers, with subscriber-level access and above, […]
CVE-2025-1681 – WordPress Cardealer Theme Cross-Site Request Forgery (CSRF) and File Inclusion Vulnerability
CVE ID: CVE-2025-1681
Published: Feb. 28, 2025, 12:15 a.m. | 1 hour, 30 minutes ago
Description: The Cardealer theme for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check and missing filename sanitization on the demo theme scheme AJAX functions in versions up to, and […]
CVE-2024-12811 – WordPress Traveler Theme Local File Inclusion Vulnerability
CVE ID: CVE-2024-12811
Published: Feb. 28, 2025, 12:15 a.m. | 1 hour, 30 minutes ago
Description: The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the ‘hotel_alone_slider’ shortcode ‘style’ attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to […]