CVE-2025-4601
The "RH - Real Estate WordPress Theme" theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 4.4.0. This is due to the theme not properly restricting user roles that can be updated as part of the inspiryupdateprofile function. This makes it possible for...
CVE-2025-2470
The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nslregistrationstoreextrainput'...
PT-2024-28566 · WordPress · Giveaways/Contests By Rafflepress
Name of the Vulnerable Software and Affected Versions: Giveaways and Contests by RafflePress WordPress plugin versions prior to 1.12.14 Description: The issue concerns a lack of sanitization and escaping of certain parameters, potentially allowing users with a role as low as editor to perform...
PT-2023-16123 · WordPress · Wp Yelp Review Slider
Name of the Vulnerable Software and Affected Versions: WP Yelp Review Slider WordPress plugin versions prior to 7.1 Description: The issue is related to a SQL injection that occurs due to improper sanitization and escaping of a parameter before it is used in a SQL statement. This can be exploited...
PT-2022-24936 · WordPress · Easy Video Player
Name of the Vulnerable Software and Affected Versions: Easy Video Player WordPress plugin versions prior to 1.2.2.3 Description: The issue allows users with a role as low as Contributor to perform Cross-Site Scripting attacks due to the plugin not sanitizing and escaping some parameters...
PT-2022-21926 · WordPress · Wp All Export Pro
Name of the Vulnerable Software and Affected Versions: WP All Export Pro versions prior to 1.7.9 Description: The issue allows any logged-in user with export privileges to execute arbitrary code on the site, despite the default restriction to administrators. This is because the plugin does not...