3385 matches found

CVE
added 2024/06/04 12:51 p.m., 420 views

CVE-2024-25600

Bricks Builder (WordPress) is affected up to version 1.9.6 with an unauthenticated remote code execution via the vulnerable REST endpoint /wp-json/bricks/v1/render_element. The root cause is in Bricks\Query::prepare_query_vars_from_settings where user input from the queryEditor is passed directly...

CVSS 10, AI score 9.5, EPSS 0.87452
Exploits 16, References 5

CVE
added 2024/06/04 12:38 p.m., 68 views

CVE-2023-52147

CVE-2023-52147 concerns the WordPress plugin All In One WP Security & Firewall (AIOS)

CVSS 3.7, AI score 4.1, EPSS 0.00322
Exploits 0, References 1

CVE
added 2024/06/04 12:29 p.m., 43 views

CVE-2023-51667

CVE-2023-51667 affects the Rate my Post – WP Rating System WordPress plugin (

CVSS 8.2, AI score 5.3, EPSS 0.00435
Exploits 0, References 1, Affected Software 1

CVE
added 2024/06/04 12:27 p.m., 50 views

CVE-2023-51544

CVE-2023-51544 affects the RegistrationMagic WordPress plugin (versions up to 5.2.5.0). It is a Form Submission Limit Bypass caused by improper control of interaction frequency; the vulnerability has been patched in a later release per Wordfence records (no exploit/vector details provided in the ...

CVSS 5.3, AI score 5.3, EPSS 0.0033
Exploits 0, References 1, Affected Software 1

CVE
added 2024/06/04 12:25 p.m., 47 views

CVE-2023-51543

CVE-2023-51543 describes an Authentication Bypass by Spoofing in the WordPress plugin RegistrationMagic (Metagauss) that allows bypassing ACL constraints to access restricted functionality. Affected versions are RegistrationMagic up to 5.2.5.0 (version range stated as n/a through 5.2.5.0). The vu...

CVSS 7.5, AI score 5.3, EPSS 0.00376
Exploits 0, References 1, Affected Software 1

CVE
added 2024/06/04 12:23 p.m., 48 views

CVE-2023-51542

CVE-2023-51542 concerns Branda (WordPress White Label plugin by WPMU DEV). Affected versions are Branda: from n/a through 3.4.14. The issue is an authentication bypass by spoofing, allowing access to functionality not properly constrained by ACLs. The CVSS 3.1 vector yields a base score of 5.3 (M...

CVSS 5.3, AI score 5.3, EPSS 0.00372
Exploits 0, References 1

CVE
added 2024/06/04 12:22 p.m., 37 views

CVE-2023-51511

CVE-2023-51511 involves Booster Elite for WooCommerce (Pluggabl LLC) with an improper authentication vulnerability that allows accessing functionality not properly constrained by ACLs. Affected software: Booster Elite for WooCommerce prior to version 7.1.3. Public references indicate a base CVSS ...

CVSS 6.5, AI score 6.5, EPSS 0.00373
Exploits 0, References 1, Affected Software 1

CVE
added 2024/06/04 11:24 a.m., 28 views

CVE-2023-49822

CVE-2023-49822 affects the WordPress plugin “Ultimate Dashboard” (Ultimate Dashboard) up to version 3.7.10. The issue is a login-page disclosure vulnerability that can reveal the secret login page URL to unauthenticated actors on multisite installations, effectively bypassing access constraints a...

CVSS 3.7, AI score 4.1, EPSS 0.00303
Exploits 0, References 1

CVE
added 2024/06/04 11:23 a.m., 34 views

CVE-2023-49774

CVE-2023-49774 concerns the WordPress plugin WP Photo Album Plus (versions up to 8.5.02.005). The Red Hat/NVD entries describe an Information Exposure/Bypass issue where unauthenticated users could bypass login protection by manipulating IP-related behavior. PatchStack confirms the vulnerability ...

CVSS 5.3, AI score 5.2, EPSS 0.00311
Exploits 0, References 1

CVE
added 2024/06/04 11:7 a.m., 83 views

CVE-2023-49748

CVE-2023-49748 affects the WP Hide Login plugin (WordPress) up to version 1.9.11. The vulnerability is described as a Secret Login Page Location Disclosure on multisite installations, enabling exposure of login functionality due to ACLs not constraining access as intended. It has a low overall im...

CVSS 3.7, AI score 4.1, EPSS 0.00303
Exploits 0, References 1

CVE
added 2024/06/04 11:5 a.m., 89 views

CVE-2023-49741

CVE-2023-49741 affects the WordPress plugin Coming Soon and Maintenance mode (

CVSS 3.7, AI score 4.2, EPSS 0.0034
Exploits 0, References 1

CVE
added 2024/06/04 10:58 a.m., 86 views

CVE-2023-48747

CVE-2023-48747 affects Booster for WooCommerce (WordPress plugin)

CVSS 8.8, AI score 6.6, EPSS 0.00405
Exploits 0, References 1, Affected Software 1

CVE
added 2024/06/04 10:41 a.m., 69 views

CVE-2023-48745

CVE-2023-48745 affects the WordPress plugin Captcha Code by WebFactory Ltd. It is caused by improper restriction of excessive authentication attempts, enabling a bypass of captcha protection. Affected versions are

CVSS 5.3, AI score 5.5, EPSS 0.00352
Exploits 0, References 1

CVE
added 2024/06/04 10:26 a.m., 69 views

CVE-2023-48318

CVE-2023-48318 is a CAPTCHA bypass vulnerability in WordPress plugin Contact Form Email (

CVSS 6.5, AI score 5.3, EPSS 0.00312
Exploits 0, References 1, Affected Software 1

CVE
added 2024/06/04 10:25 a.m., 66 views

CVE-2023-48290

Form Maker by 10Web WordPress plugin

CVSS 5.3, AI score 5.4, EPSS 0.00374
Exploits 0, References 1, Affected Software 1

CVE
added 2024/06/04 9:46 a.m., 31 views

CVE-2023-47513

The CVE-2023-47513 entry concerns ARI Stream Quiz for WordPress (ARI Stream Quiz plugin). Affected software: ARI Stream Quiz versions up to and including 1.3.2. Root cause: Improper handling/neutralization of script-related HTML tags enabling content injection (Basic XSS). Impact: potential code ...

CVSS 5.4, AI score 5.5, EPSS 0.00357
Exploits 0, References 1

CVE
added 2024/06/04 9:31 a.m., 27 views

CVE-2023-47189

CVE-2023-47189 affects WordPress Defender Security plugin versions

CVSS 9.8, AI score 5.3, EPSS 0.00451
Exploits 0, References 1, Affected Software 1

CVE
added 2024/06/04 9:29 a.m., 86 views

CVE-2023-46630

CVE-2023-46630 affects WordPress Admin and Site Enhancements (ASE) plugin versions up to 5.7.1. The issue is an unauthenticated bypass of Password Protection Mode due to a flawed authentication flow (reported as bypass via the maybe_process_login path), allowing access to password-protected conte...

CVSS 7.5, AI score 7.6, EPSS 0.00447
Exploits 0, References 1

CVE
added 2024/06/04 9:19 a.m., 47 views

CVE-2023-46310

CVE-2023-46310 describes a Content Injection vulnerability in the WordPress plugin wpDiscuz (gVectors Team) affecting versions up to 7.6.10. The issue is due to improper neutralization of script-related HTML tags, enabling code injection via wpDiscuz content. Public sources in the connected docum...

CVSS 6.1, AI score 5.4, EPSS 0.00283
Exploits 0, References 1, Affected Software 1

CVE
added 2024/06/04 9:6 a.m., 23 views

CVE-2023-45009

CVE-2023-45009 is a CAPTCHA/Honeypot plugin vulnerability for WordPress Contact Form 7 (Captcha/Honeypot for Contact Form 7 by Forge12 Interactive GmbH). It allows bypass of authentication-related checks due to improper restriction of excessive authentication attempts in versions up to 1.11.3. Pu...

CVSS 5.3, AI score 5.4, EPSS 0.00403
Exploits 0, References 1