CVE-2025-3472

The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2025-1508

The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the downloaddata action in all versions up to, and including, 2.1.14. This makes it possible for authenticated attackers, with subscriber-level access and above, to download...

CVE-2025-1508

The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the downloaddata action in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to download...

CVE-2025-1508

CVE-2025-1508 affects the WordPress WP Crowdfunding plugin up to version 2.1.13. It results from a missing capability check on the download_data action, allowing authenticated users with subscriber-level access and above to download all post content when WooCommerce is installed. The vulnerabilit...

WholesaleX < 1.3.2 - Sensitive Information Exposure via export_users

Description The WholesaleX – WooCommerce Wholesale Plugin Wholesale Prices, Dynamic Pricing, Tiered Pricing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1 via the 'exportusers'. This makes it possible for authenticated attackers,...