6 matches found
CVE-2025-11008
The CE21 Suite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.1 via the log file. This makes it possible for unauthenticated attackers to extract sensitive data including authentication credentials, which can be used to log in as oth...
CVE-2025-11007
CE21 Suite for WordPress (versions 2.2.1–2.3.1) suffers an unauthorized plugin settings update flaw due to a missing capability check on the wp_ajax_nopriv_ce21_single_sign_on_save_api_settings action. This permits unauthenticated users to modify API settings, including the secre...
CVE-2024-10284
The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to a hardcoded encryption key in the 'ce21authenticationphrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site,...
CVE-2024-10285
The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to log in the user associated with the JWT token...
CVE-2024-10284
The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to a hardcoded encryption key in the 'ce21authenticationphrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site,...
WordPress CE21 Suite Plugin <= 2.2.0 is vulnerable to Broken Access Control
Software: CE21 Suite
Type: Plugin
Vulnerable versions: <= 2.2.0
Fixed in: N/A
OWASP Top 10: A5: Broken Access Control
Classification: Broken Access Control
CVE: CVE-2024-10294
Patch priority: Medium
CVSS severity: Medium 6.5
PSID: 61161cac4b51
Credits: István Márton
Required privile...