Civi Security Vulnerabilities and Issues — Civi CVE List

Lucene search

UxperCivi

3 matches found

CVE•added 2025/03/14 12:15 p.m.•44 views

CVE-2024-13773

The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credentials. This makes it possible for unauthenticated attackers to extract sensitive data including LinkedIn...

7.5CVSS7.1AI score0.00108EPSS

CVE•added 2025/03/14 12:15 p.m.•43 views

CVE-2024-13771

The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of user validation before changing a password. This makes it possible for unauthenticated attackers to change t...

9.8CVSS7.5AI score0.0011EPSS

CVE•added 2025/03/14 12:15 p.m.•42 views

CVE-2024-13772

The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.6.1. This is due to a lack of password randomization and user validation through the fb_ajax_login_or_register and google_ajax_login_or_...

5.9CVSS6.2AI score0.00052EPSS