CVE-2023-51476
The connected data confirms CVE-2023-51476 affects the WP MLM Unilevel WordPress plugin (
CVE-2023-51424
CVE-2023-51424 affects WebinarIgnition (WordPress Webinar plugin) up to version 3.05.0. The issue is an unauthenticated privilege escalation due to improper privilege management. Public details in Wordfence/EU listings show an in-the-wild risk with a CVSS v3.1 base score of 9.8 (CRITICAL), networ...
CVE-2023-51401
Technical details (affected version, root cause, exploit vectors, and patch status) for CVE-2023-51401 are not provided in the connected documents. Monitor vendor advisories and CVE records for updates and remediation specifics.
CVE-2023-51398
CVE-2023-51398 is an authentication-related vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder. The issue stems from improper privilege management that enables Privilege Escalation for authenticated users (Contributor+), potentially granting higher privileges than allowed. Affec...
CVE-2023-49753
CVE-2023-49753 affects the Adifier System WordPress plugin and is a Local File Inclusion vulnerability caused by improper pathname restrictions in the Adifier System before 3.1.4. The issue enables unauthenticated local file inclusion, contributing to potential code execution or sensitive data ex...
CVE-2023-48757
CVE-2023-48757 affects Crocoblock JetEngine (WordPress plugin) and enables Privilege Escalation due to Improper Privilege Management. Affected versions are JetEngine 3.2.4 and earlier; the vulnerability allows an authenticated attacker with Contributor+ privileges to escalate, as...
CVE-2023-48319
CVE-2023-48319 affects the WordPress plugin Salon booking system (salon-booking-system) up to version 8.6. It is an Improper Privilege Management vulnerability that enables Privilege Escalation for users with Editor-level access, potentially granting Administrator privileges. The issue is fixed i...
CVE-2023-47679
CVE-2023-47679 describes a Local File Inclusion (path traversal) vulnerability in the WordPress plugin Qi Addons For Elementor by QODE Interactive. Affected versions are 1.6.3 and earlier; the issue stems from improper limitation of a pathname to a restricted directory, enabling inclusion of loca...
CVE-2023-46784
CVE-2023-46784 affects WordPress ICS Calendar plugin
CVE-2023-46205
CVE-2023-46205: Local File Inclusion in the WordPress plugin Ultimate Addons for WPBakery Page Builder. Affected versions: up to 3.19.14. Root cause: improper limitation of a pathname to restricted directories (path traversal) leading to PHP Local File Inclusion. Impact (per CVE metrics): potent...
CVE-2023-46145
CVE-2023-46145 is an authenticated privilege escalation in the WordPress theme Themify Ultra. The vulnerability arises from improper privilege management in Themify Ultra versions up to and including 7.3.5, enabling a subscriber-level attacker to escalate privileges. The issue is actively documen...
CVE-2023-44478
CVE-2023-44478 is a CSRF flaw in the WordPress plugin Events Rich Snippets for Google (
CVE-2024-24873
CVE-2024-24873: Improper Control of Interaction Frequency in CodePeople CP Polls allows a polling limit bypass (flooding) in versions up to 1.0.71. A fix is available in version 1.0.72. The CVSS v3.1 base score is 5.3 (Medium), with unauthenticated access required. Public exploitation status ...
CVE-2024-24874
CVE-2024-24874 affects WordPress plugin CP Polls up to version 1.0.71, where unauthenticated content injection is possible due to insufficient validation of poll answers. The vulnerability is categorized as Content Injection with a low CVSS (5.3) and is mitigated by upgrading to version 1.0.72, w...
CVE-2024-25595
CVE-2024-25595 describes an Authentication Bypass by Spoofing in the Defender Security plugin for WordPress by WPMU DEV. Affected versions are Defender Security up to 4.4.1, with the underlying issue allowing an unauthenticated bypass of IP-based or functional protections, effectively enabling a ...
CVE-2023-41955
CVE-2023-41955 is an Improper Privilege Management vulnerability in the WordPress plugin Essential Addons for Elementor (WPDeveloper). The flaw enables Privilege Escalation for authenticated users (Contributor/above) across versions up to 5.8.8. The NVD entry lists a CVSS v3.1 base score of 8.8 ...
CVE-2023-38399
CVE-2023-38399 concerns a Local File Inclusion (path traversal) in WordPress plugin Phlox Portfolio by Averta. The vulnerability affects Phlox Portfolio versions up to 2.3.1 and is exploitable without authentication due to improper limitation of a pathname to a restricted directory. Patchstack an...
CVE-2023-37888
CVE-2023-37888 affects the WordPress plugin Shortcodes and extra features for Phlox theme. It is a Path Traversal (PHP Local File Inclusion) vulnerability that allows unauthenticated attackers to include local files. Affected versions are up to and including 2.14.0; the vendor/maintainer fixed i...
CVE-2023-25050
CVE-2023-25050 affects WordPress Shortcodes Ultimate (versions n/a through 5.12.6). The vulnerability is an Improper Limitation of a Pathname to a Restricted Directory (path traversal) that enables Absolute Path Traversal. Public sources (Patchstack; CVE records; Red Hat advisory) confirm the iss...
CVE-2023-23645
CVE-2023-23645 affects the WordPress plugin MainWP Code Snippets Extension (versions