CVE-2025-1764 – LoginPress | wp-login Custom Login Page Customizer CSRF
CVE ID: CVE-2025-1764
Published: March 14, 2025, 6:15 a.m.
Description: The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the ‘custom_plugin_set_option’ function. […]
CVE-2025-2103 – WordPress SoundRise Music Plugin Privilege Escalation Vulnerability
The following table lists the changes that have been made to the CVE-2025-2103 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics.
CVE-2025-0952 – Eco Nature – Environment & Ecology WordPress Theme Unauthenticated Denial of Service
The following table lists the changes that have been made to the CVE-2025-0952 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics.
CVE-2024-13913 – InstaWP Connect Cross-Site Request Forgery (CSRF) Vulnerability
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.0.83. This is due to missing or incorrect nonce validation in the ‘/migrate/templates/main.php’ file. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, […]
CVE-2024-13376 – WordPress Industrial Theme Privilege Escalation Vulnerability
The following table lists the changes that have been made to the CVE-2024-13376 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics.
CVE-2025-2166 – WordPress CM FAQ Plugin Reflected Cross-Site Scripting
CVE ID: CVE-2025-2166
Published: March 14, 2025, 5:15 a.m.
Description: The CM FAQ – Simplify support with an intuitive FAQ management tool plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, […]
CVE-2025-2056 – Hide My WP Ghost WordPress Path Traversal Vulnerability
CVE ID: CVE-2025-2056
Published: March 14, 2025, 5:15 a.m.
Description: The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 5.4.01 via the showFile function. This makes it possible for unauthenticated attackers […]
CVE-2025-1528 – WordPress Search & Filter Pro Unauthenticated Data Access Vulnerability
CVE ID: CVE-2025-1528
Published: March 14, 2025, 5:15 a.m.
Description: The Search & Filter Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘get_meta_values’ function in all versions up to, and including, 2.5.19. This makes it possible for […]
CVE-2025-1285 – Resido – Real Estate WordPress Theme Unauthenticated API Key Manipulation
CVE ID: CVE-2025-1285
Published: March 14, 2025, 5:15 a.m.
Description: The Resido – Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_api_key and save_api_key AJAX actions in all versions up to, and including, 3.6. This makes […]
CVE-2025-0955 – WordPress VidoRev Extensions Unauthorized Video Import Vulnerability
CVE ID: CVE-2025-0955
Published: March 14, 2025, 5:15 a.m.
Description: The VidoRev Extensions plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ‘vidorev_import_single_video’ AJAX action in all versions up to, and including, 2.9.9.9.9.9.5. This makes it possible for unauthenticated attackers to […]