CVE-2024-13856 – WordPress Make Builder SSRF
CVE ID: CVE-2024-13856 | Published: March 22, 2025, 7:15 a.m. | Description: The Your Friendly Drag and Drop Page Builder — Make Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.10 via the make_builder_ajax_subscribe() function. This makes it possible for authenticated […]
CVE-2024-13768 – WordPress CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts CSRF
CVE ID: CVE-2024-13768 | Published: March 22, 2025, 7:15 a.m. | Description: The CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to missing or incorrect nonce […]
CVE-2025-1408 – ProfileGrid WordPress Unauthorized Data Modification Vulnerability
CVE ID: CVE-2025-1408 | Published: March 22, 2025, 5:15 a.m. | Description: The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_decline_join_group_request and pm_approve_join_group_request functions in all versions up to, and including, 5.9.4.4. […]
CVE-2025-0723 – ProfileGrid WordPress SQL Injection Vulnerability
CVE ID: CVE-2025-0723 | Published: March 22, 2025, 5:15 a.m. | Description: The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind and time-based SQL Injections via the rid and search parameters in all versions up to, and including, 5.9.4.7 due to insufficient escaping on […]
CVE-2025-0724 – ProfileGrid WordPress PHP Object Injection Vulnerability
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.4.5 via deserialization of untrusted input in the get_user_meta_fields_html function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. No known POP chain […]
CVE-2024-13739 – WordPress Newsletters Reflected Cross-Site Scripting
CVE ID: CVE-2024-13739 | Published: March 22, 2025, 5:15 a.m. | Description: The Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the “to” parameter in all versions up to, and including, 4.9.9.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers […]
CVE-2024-13737 – Motors WordPress Car Dealer Unauthorized Data Modification Vulnerability
CVE ID: CVE-2024-13737 | Published: March 22, 2025, 3:15 a.m. | Description: The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the motors_create_template and motors_delete_template functions in all versions up to, and including, 1.4.57. […]
CVE-2025-30472 – Corosync Stack-Based Buffer Overflow Vulnerability
The following table lists the changes that have been made to the CVE-2025-30472 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics. New CVE Received by [email protected] Mar. 22, 2025 Action […]