Latest Vulnerabilities Updates: AppSecWorld's CVE Daily Digest for March 14-15, 2025

In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between March 14-15, 2025.
During this period, the National Vulnerability Database published 88 new Common Vulnerabilities and Exposures (CVEs), classified as follows:

Critical: 9
High: 18
Medium: 24
Low: 2
Severity Not Assigned: 35

Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.

1. CVE-2024-55549
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.4
Impact Score: 5.8
Description: xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.
References: https://gitlab.gnome.org/GNOME/libxslt/-/issues/127

CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found

2. CVE-2025-24855
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.4
Impact Score: 5.8
Description: numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
References: https://gitlab.gnome.org/GNOME/libxslt/-/issues/128

CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found

3. CVE-2024-11283
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to the wp_ajax_google_api_login_callback function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to access arbitrary candidate accounts.
References: https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636
https://www.wordfence.com/threat-intel/vulnerabilities/id/cfa487fb-c014-47f1-9537-73881ede30b4?source=cve

CWE-ID: CWE-289
Common Platform Enumerations (CPE): Not Found

4. CVE-2024-11284
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.9. This is due to the plugin not properly validating a user's identity prior to updating their password through the account_settings_save_callback() function. This makes it possible for unauthenticated attackers to change arbitrary users' passwords, including administrators', and leverage that to gain access to their accounts.
References: https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636
https://www.wordfence.com/threat-intel/vulnerabilities/id/8afe386e-1e4f-4668-8309-6d47dedb008a?source=cve

CWE-ID: CWE-639
Common Platform Enumerations (CPE): Not Found

5. CVE-2024-11285
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. This is due to the plugin not properly validating a user's identity prior to updating their details, such as their email address, via the account_settings_callback() function. This makes it possible for unauthenticated attackers to change arbitrary users' email addresses, including administrators', and leverage that to reset the user's password and gain access to their account.
References: https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636
https://www.wordfence.com/threat-intel/vulnerabilities/id/0e61c98d-a6f4-4ac0-b9f9-2b936c030413?source=cve

CWE-ID: CWE-639
Common Platform Enumerations (CPE): Not Found

6. CVE-2024-11286
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the cs_parse_request() function. This makes it possible for unauthenticated attackers to log in to any user's account, including administrators.
References: https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636
https://www.wordfence.com/threat-intel/vulnerabilities/id/91754c4d-a0d0-4d35-a70a-446d2bdf6c73?source=cve

CWE-ID: CWE-288
Common Platform Enumerations (CPE): Not Found

7. CVE-2025-2056
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 5.4.01 via the showFile function. This makes it possible for unauthenticated attackers to read the contents of specific file types on the server, which can contain sensitive information.
References: https://plugins.trac.wordpress.org/browser/hide-my-wp/tags/5.4.02/models/Files.php#L336
https://www.wordfence.com/threat-intel/vulnerabilities/id/f43db496-80ea-442c-9417-7aa03ec95f02?source=cve

CWE-ID: CWE-23
Common Platform Enumerations (CPE): Not Found

8. CVE-2024-13376
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Industrial theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the _ajax_get_total_content_import_items() function in all versions up to, and including, 1.7.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
References: https://themeforest.net/item/industrial-manufacturing-wordpress-theme/15776179
https://www.wordfence.com/threat-intel/vulnerabilities/id/e25ca990-eee1-4f72-b543-7a65bc4855a8?source=cve

CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found

9. CVE-2024-13913
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.0.83. This is due to missing or incorrect nonce validation in the '/migrate/templates/main.php' file. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
References: https://plugins.trac.wordpress.org/browser/instawp-connect/trunk/admin/class-instawp-admin.php#L159
https://plugins.trac.wordpress.org/browser/instawp-connect/trunk/migrate/templates/main.php#L27
https://plugins.trac.wordpress.org/changeset/3254817/
https://www.wordfence.com/threat-intel/vulnerabilities/id/ea6c7b63-00da-4476-a024-97fe99af643d?source=cve

CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found

10. CVE-2025-0952
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: The Eco Nature - Environment & Ecology WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmasters_hide_admin_notice' AJAX action in all versions up to, and including, 2.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to 'hide' on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users, or to set some values, such as registration, to true.
References: https://themeforest.net/item/eco-nature-environment-ecology-wordpress-theme/8497776
https://www.wordfence.com/threat-intel/vulnerabilities/id/ba708a4f-d987-4d63-a218-2ed1c6daa010?source=cve

CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found

11. CVE-2025-1764
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the 'custom_plugin_set_option' function. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. The 'WPBRIGADE_SDK__DEV_MODE' constant must be set to 'true' to exploit the vulnerability.
References: https://plugins.svn.wordpress.org/loginpress/trunk/lib/wpb-sdk/views/wpb-debug.php
https://plugins.trac.wordpress.org/changeset/3253283/
https://pt.wordpress.org/plugins/loginpress/
https://www.wordfence.com/threat-intel/vulnerabilities/id/9df6a2b4-2dc4-43dd-8282-5c05b0fa13f6?source=cve

CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found

12. CVE-2025-2103
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The SoundRise Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ironMusic_ajax() function in all versions up to, and including, 1.6.11. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
References: https://themeforest.net/item/soundrise-artists-producers-and-record-labels-wordpress-theme/19764337
https://www.wordfence.com/threat-intel/vulnerabilities/id/e8c0f9d8-c5cf-4e31-bc0b-289ad7c1d197?source=cve

CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found

13. CVE-2024-13824
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.19.0 via deserialization of untrusted input in the 'add_ciyashop_wishlist' and 'ciyashop_get_compare' functions. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions such as deleting arbitrary files, retrieving sensitive data, or executing code, depending on the POP chain present.
References: https://themeforest.net/item/ciyashop-responsive-multipurpose-woocommerce-wordpress-theme/22055376#item-description__changelog
https://www.wordfence.com/threat-intel/vulnerabilities/id/b69c86f4-d81d-4e14-baff-3402008bb9c6?source=cve

CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found

14. CVE-2025-2221
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The WPCOM Member plugin for WordPress is vulnerable to time-based SQL Injection via the 'user_phone' parameter in all versions up to, and including, 1.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/wpcom-member/tags/1.7.6/includes/class-sesstion.php#L35
https://plugins.trac.wordpress.org/changeset/3255171/
https://www.wordfence.com/threat-intel/vulnerabilities/id/8f491d48-935c-4fd9-a342-44d98c5601b3?source=cve

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

15. CVE-2024-13321
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The AnalyticsWP plugin for WordPress is vulnerable to SQL Injection via the 'custom_sql' parameter in all versions up to, and including, 2.0.0 due to insufficient authorization checks on the handle_get_stats() function. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://analyticswp.com/
https://www.wordfence.com/threat-intel/vulnerabilities/id/f6507318-92c0-457c-8c87-2d023428a77f?source=cve

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

16. CVE-2024-8176
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.
References: https://access.redhat.com/security/cve/CVE-2024-8176
https://bugzilla.redhat.com/show_bug.cgi?id=2310137
https://github.com/libexpat/libexpat/issues/893

CWE-ID: CWE-674
Common Platform Enumerations (CPE): Not Found

17. CVE-2024-26006
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below and FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below web SSL VPN UI may allow a remote unauthenticated attacker to perform a Cross-Site Scripting attack via a malicious Samba server.
References: https://fortiguard.fortinet.com/psirt/FG-IR-23-485

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

18. CVE-2024-12810
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on multiple functions in all versions up to, and including, 7.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files, generate backups, restore backups, update theme options, and reset theme options to default settings.
References: https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636
https://www.wordfence.com/threat-intel/vulnerabilities/id/24889552-0db6-44e6-9b12-f31b5e92a42e?source=cve

CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found

19. CVE-2024-13771
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of user validation before changing a password. This makes it possible for unauthenticated attackers to change the password of arbitrary users, including administrators, if the attacker knows the username of the victim.
References: http://localhost:1337/wp-content/themes/civi/includes/class-ajax.php#L715
https://www.wordfence.com/threat-intel/vulnerabilities/id/5ab2c74d-b83b-40ea-951c-83aeb76a7515?source=cve

CWE-ID: CWE-288
Common Platform Enumerations (CPE): Not Found

20. CVE-2024-13773
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credentials. This makes it possible for unauthenticated attackers to extract sensitive data including LinkedIn client and secret keys.
References: http://localhost:1337/wp-content/themes/civi/includes/class-init.php#L36
https://www.wordfence.com/threat-intel/vulnerabilities/id/e3499182-7501-4fec-a7c6-b66ae47533cd?source=cve

CWE-ID: CWE-321
Common Platform Enumerations (CPE): Not Found

21. CVE-2025-2232
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'do_register_user' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role.
References: https://docs.purethemes.net/findeo/knowledge-base/changelog-findeo/
https://www.wordfence.com/threat-intel/vulnerabilities/id/abe73ecd-1325-4d6d-8545-d27f6116ca43?source=cve

CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found

22. CVE-2025-27593
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 5.8
Description: The product can be used to distribute malicious code using SDD Device Drivers due to missing download verification checks, leading to code execution on target systems.
References: https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
https://github.security.telekom.com/2025/03/multiple-vulnerabilities-in-sick-dl100.html
https://sick.com/psirt
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
https://www.first.org/cvss/calculator/3.1
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.json
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.pdf

CWE-ID: CWE-494
Common Platform Enumerations (CPE): Not Found

23. CVE-2025-27594
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack.
References: https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
https://github.security.telekom.com/2025/03/multiple-vulnerabilities-in-sick-dl100.html
https://sick.com/psirt
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
https://www.first.org/cvss/calculator/3.1
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.json
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.pdf

CWE-ID: CWE-319
Common Platform Enumerations (CPE): Not Found

24. CVE-2025-27595
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The device uses a weak hashing algorithm to create the password hash. Hence, a matching password can be easily calculated by an attacker. This impacts the security and the integrity of the device.
References: https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
https://github.security.telekom.com/2025/03/multiple-vulnerabilities-in-sick-dl100.html
https://sick.com/psirt
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
https://www.first.org/cvss/calculator/3.1
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.json
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.pdf

CWE-ID: CWE-328
Common Platform Enumerations (CPE): Not Found

25. CVE-2025-2000
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: A maliciously crafted QPY file can potentially execute arbitrary code embedded in the payload without privilege escalation when deserialising QPY formats < 13. A Python process calling Qiskit 0.18.0 through 1.4.1's `qiskit.qpy.load()` function could potentially execute any arbitrary Python code embedded in the correct place in the binary file as part of a specially constructed payload.
References: https://www.ibm.com/support/pages/node/7185949

CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found

26. CVE-2024-46662
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An improper neutralization of special elements used in a command ('command injection') in Fortinet FortiManager versions 7.4.1 through 7.4.3 and FortiManager Cloud versions 7.4.1 through 7.4.3 allows an attacker to escalate privilege via specifically crafted packets.
References: https://fortiguard.fortinet.com/psirt/FG-IR-24-222

CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found

27. CVE-2023-45588
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 1.5
Impact Score: 6.0
Description: An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.
References: https://fortiguard.com/psirt/FG-IR-23-345

CWE-ID: CWE-73
Common Platform Enumerations (CPE): Not Found
