1378 matches found
CVE-2024-25092
CVE-2024-25092 is a Missing Authorization vulnerability in WordPress NextMove Lite (XLPlugins NextMove Lite) affecting all versions through 2.17.0. An authenticated user with subscriber-level privileges or higher can install and activate arbitrary plugins due to a missing capability check (xl_add...
CVE-2024-24716
Technical details about CVE-2024-24716 (Awesome Support Missing Authorization) are not publicly provided in the connected documents. No exploit, affected versions beyond 6.1.6, or remediation specifics are given. Monitor vendor advisories for updates.
CVE-2023-34003
CVE-2023-34003 affects the WooCommerce Box Office plugin (versions
CVE-2023-52232
CVE-2023-52232: Booster Plus for WooCommerce (WordPress) prior to 7.1.2 has a Missing Authorization vulnerability (root cause: missing capability check) that allows an authenticated attacker to delete arbitrary posts/pages. Documented in Patchstack as Arbitrary Content Deletion with subscriber-l...
CVE-2024-22151
CVE-2024-22151 affects WordPress plugin Import and export users and customers (Codection) up to version 1.24.6, due to Missing Authorization via the fire_cron REST endpoint. Unauthenticated access could trigger plugin cron functionality; CVSS 3.1 base score listed as 5.3 (Medium). Connected sourc...
CVE-2022-35718
CVE-2022-35718 affects IBM Sterling Partner Engagement Manager. The IBM bulletin states that the product stores sensitive information in URL parameters, which can be disclosed to unauthorized parties via server logs, referrer headers, or browser history. Affected versions: IBM Sterling Partner En...
CVE-2024-0444
CVE-2024-0444 concerns GStreamer and its AV1 parsing path. The flaw is a stack-based buffer overflow in the AV1 tile-list data parsing, caused by insufficient validation of the length of user-supplied data before copying to a fixed-size stack buffer. Exploitation can lead to remote arbitrary code...
CVE-2024-25095
CVE-2024-25095 affects WordPress plugin Easy Forms for Mailchimp (
CVE-2024-25600
Bricks Builder (WordPress) is affected up to version 1.9.6 with an unauthenticated remote code execution via the vulnerable REST endpoint /wp-json/bricks/v1/render_element. The root cause is in Bricks\Query::prepare_query_vars_from_settings where user input from the queryEditor is passed directly...
CVE-2023-52147
CVE-2023-52147 concerns the WordPress plugin All In One WP Security & Firewall (AIOS)
CVE-2023-51667
CVE-2023-51667 affects the Rate my Post – WP Rating System WordPress plugin (
CVE-2023-51544
CVE-2023-51544 affects the RegistrationMagic WordPress plugin (versions up to 5.2.5.0). It is a Form Submission Limit Bypass caused by improper control of interaction frequency; the vulnerability has been patched in a later release per Wordfence records (no exploit/vector details provided in the ...
CVE-2023-51543
CVE-2023-51543 describes an Authentication Bypass by Spoofing in the WordPress plugin RegistrationMagic (Metagauss) that allows bypassing ACL constraints to access restricted functionality. Affected versions are RegistrationMagic up to 5.2.5.0 (version range stated as n/a through 5.2.5.0). The vu...
CVE-2023-51542
CVE-2023-51542 concerns Branda (WordPress White Label plugin by WPMU DEV). Affected versions are Branda: from n/a through 3.4.14. The issue is an authentication bypass by spoofing, allowing access to functionality not properly constrained by ACLs. The CVSS 3.1 vector yields a base score of 5.3 (M...
CVE-2023-51511
CVE-2023-51511 involves Booster Elite for WooCommerce (Pluggabl LLC) with an improper authentication vulnerability that allows accessing functionality not properly constrained by ACLs. Affected software: Booster Elite for WooCommerce prior to version 7.1.3. Public references indicate a base CVSS ...
CVE-2023-49822
CVE-2023-49822 affects the WordPress plugin “Ultimate Dashboard” (Ultimate Dashboard) up to version 3.7.10. The issue is a login-page disclosure vulnerability that can reveal the secret login page URL to unauthenticated actors on multisite installations, effectively bypassing access constraints a...
CVE-2023-49774
CVE-2023-49774 concerns the WordPress plugin WP Photo Album Plus (versions up to 8.5.02.005). The Red Hat/NVD entries describe an Information Exposure/Bypass issue where unauthenticated users could bypass login protection by manipulating IP-related behavior. Patchstack confirms the vulnerability ...
CVE-2023-49748
CVE-2023-49748 affects the WP Hide Login plugin (WordPress) up to version 1.9.11. The vulnerability is described as a Secret Login Page Location Disclosure on multisite installations, enabling exposure of login functionality due to ACLs not constraining access as intended. It has a low overall im...
CVE-2023-49741
CVE-2023-49741 affects the WordPress plugin Coming Soon and Maintenance mode (
CVE-2023-48747
CVE-2023-48747 affects Booster for WooCommerce (WordPress plugin)