CVE-2025-12621

The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on the 'createrefund' function in all versions up to, and including, 1.0.42. This makes it possible for authenticated attackers, wit...

CVE-2025-6003 WordPress Single Sign-On (SSO) - Multiple Versions - Incorrect Authorization to Sensitive Information Exposure

The WordPress Single Sign-On SSO plugin for WordPress is vulnerable to unauthorized access due to a misconfigured capability check on a function in all versions up to, and including, the .5.3 versions of the plugin. This makes it possible for unauthenticated attackers to extract sensitive data...

CVE-2024-11194 Classified Listing – Classified ads & Business Directory Plugin <= 3.1.15.1 - Authenticated (Subscriber+) Limited Arbitrary Option Update

The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigured check on the 'rtclimportsettings' function in all versions up to, and including, 3.1.15.1. This...

CVE-2024-11194

CVE-2024-11194 affects the WordPress plugin Classified Listing – Classified ads & Business Directory Plugin (versions