CVE-2024-12810 – The JobCareer | Job Board Responsive WordPress Theme Unauthenticated Remote Code Execution and Data Manipulation
The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on multiple functions in all versions up to, and including, 7.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files, generate […]
CVE-2024-26006 – FortiOS FortiProxy Cross-Site Scripting (XSS)
The following table lists the changes that have been made to the CVE-2024-26006 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics.
CVE-2024-8176 – Libexpat XML Entity Expansion Stack Overflow Vulnerability
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) […]
CVE-2025-1507 – ShareThis Dashboard for Google Analytics WordPress Unauthorized Data Modification
CVE ID: CVE-2025-1507 | Published: March 14, 2025, 9:15 a.m. | Description: The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_actions() function in all versions up to, and including, 3.2.1. This makes it possible […]
CVE-2025-1526 – Elementor DethemeKit Stored Cross-Site Scripting Vulnerability
CVE ID: CVE-2025-1526 | Published: March 14, 2025, 8:15 a.m. | Description: The DethemeKit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the De Product Display Widget (countdown feature) in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping. This makes […]
CVE-2024-13407 – Omnipress WordPress Information Exposure Vulnerability
CVE ID: CVE-2024-13407 | Published: March 14, 2025, 8:15 a.m. | Description: The Omnipress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.4 via the megamenu block due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, […]
CVE-2024-13321 – WordPress AnalyticsWP SQL Injection
CVE ID: CVE-2024-13321 | Published: March 14, 2025, 8:15 a.m. | Description: The AnalyticsWP plugin for WordPress is vulnerable to SQL Injection via the ‘custom_sql’ parameter in all versions up to, and including, 2.0.0 due to insufficient authorization checks on the handle_get_stats() function. This makes it possible for unauthenticated attackers to […]
CVE-2025-2221 – WordPress WPCOM Member SQL Injection Vulnerability
CVE ID: CVE-2025-2221 | Published: March 14, 2025, 7:15 a.m. | Description: The WPCOM Member plugin for WordPress is vulnerable to time-based SQL Injection via the ‘user_phone’ parameter in all versions up to, and including, 1.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation […]
CVE-2024-13824 – CiyaShop WordPress PHP Object Injection Vulnerability
The CiyaShop – Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.19.0 via deserialization of untrusted input in the ‘add_ciyashop_wishlist’ and ‘ciyashop_get_compare’ functions. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable […]
CVE-2025-2289 – Zegen – Church WordPress Theme Unauthenticated AJAX Endpoint Vulnerability
CVE ID: CVE-2025-2289 | Published: March 14, 2025, 6:15 a.m. | Description: The Zegen – Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9. This makes it possible for authenticated […]