cleantalk

Vulnerabilities and Security Research

Recent vulnerability research

CVE/PSC Application Date Affected versions Description Details
Current as of: Jan 09, 2025, 03:01:26

CVE-2025-22296

Hash Elements

vulnerable

Jan 09, 2025, 08:01:20
Min -
Max 1.4.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Hash Elements. This issue affects Hash Elements: from n/a through 1.4.9.

CVE-2025-22507

WPMU Prefill Post

vulnerable

Jan 09, 2025, 08:01:12
Min -
Max 1.02
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Benjamin Santalucia (ben@woow-fr.com) WPMU Prefill Post allows SQL Injection. This issue affects WPMU Prefill Post: from n/a through 1.02.

CVE-2024-12131

WP Job Portal – A Complete Job Board

vulnerable

Jan 09, 2025, 08:01:02
Min -
Max 2.2.6
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.5 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit resumes for other applicants when applying for jobs.

CVE-2024-56285

WPBITS Addons For Elementor Page Builder

vulnerable

Jan 09, 2025, 08:01:02
Min -
Max 1.6
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBits WPBITS Addons For Elementor Page Builder allows Stored XSS. This issue affects WPBITS Addons For Elementor Page Builder: from n/a through 1.5.1.

CVE-2025-22316

WPBITS Addons For Elementor Page Builder

vulnerable

Jan 09, 2025, 08:01:02
Min -
Max 1.6
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBits WPBITS Addons For Elementor Page Builder allows Stored XSS. This issue affects WPBITS Addons For Elementor Page Builder: from n/a through 1.5.1.

CVE-2025-22349

WordPress Auction Plugin

vulnerable

Jan 09, 2025, 07:01:59
Min -
Max 3.7
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows SQL Injection. This issue affects WordPress Auction Plugin: from n/a through 3.7.

CVE-2025-22516

Metadata SEO

vulnerable

Jan 09, 2025, 07:01:58
Min -
Max 2.3
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hitesh Patel Metadata SEO allows Stored XSS. This issue affects Metadata SEO: from n/a through 2.3.

CVE-2024-56294

The Plus Blocks for Block Editor | Gutenberg

vulnerable

Jan 09, 2025, 07:01:54
Min -
Max 4.0.8
Missing Authorization vulnerability in POSIMYTH Nexter Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nexter Blocks: from n/a through 4.0.7.

CVE-2025-22558

mcjh button shortcode

vulnerable

Jan 09, 2025, 07:01:33
Min -
Max 1.6.4
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcus C. J. Hartmann mcjh button shortcode allows Stored XSS. This issue affects mcjh button shortcode: from n/a through 1.6.4.

CVE-2024-12337

Shipping via Planzer for WooCommerce

vulnerable

Jan 09, 2025, 07:01:17
Min -
Max 1.0.26
The Shipping via Planzer for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘processed-ids’ parameter in all versions up to, and including, 1.0.25 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Recent approved applications

Application Date Description Details
Current as of: Jan 09, 2025, 03:01:26

XML Sitemap Generator for Google

Jan 08, 2025, 22:01:09 Generate XML, HTML, RSS sitemaps for your website with ease using the XML Sitemap Generator for Google. This plugin enables you to improve your SEO rankings by creating page, news, video, HTML, and RSS sitemaps. It also supports custom post types and taxonomies, allowing you to ensure that all of your content is being indexed by search engines. With a user-friendly interface, you can easily configure the plugin to suit your needs and generate sitemaps in just a few clicks. Keep your website up-to-date an...

ElementsKit Elementor addons

Dec 27, 2024, 22:12:44 ElementsKit Elementor addons is an ultimate and all-in-one addons for Elementor (https://elementor.com/) Page Builder. It includes the most comprehensive modules, such as Header Footer Builder, Mega Menu Builder, Layout template Library, etc. under the one hood. It has 85+ custom Elementor widgets such as an Advanced accordion, Pricing table, Team member, testimonial, Accordion, tab, Countdown Timer, etc. to create any site...

WPS Hide Login

Dec 26, 2024, 22:12:41 English: WPS Hide Login is a very light plugin that lets you easily and safely change the url of the login form page to anything you want. It doesn’t literally rename or change files in core, nor does it add rewrite rules. It simply intercepts page requests and works on any WordPress website. The wp-admin directory and wp-login.php page become inaccessible, so you should bookmark or remember the url. Deactivating this plugin brings your site back exactly to the state it was before. ...

Starter Templates — Elementor, WordPress & Beaver Builder Templates

Dec 24, 2024, 18:12:29 FREE TEMPLATES FOR ELEMENTOR, BEAVER BUILDER AND BLOCK EDITOR. Create professional designed pixel perfect websites in minutes with the Starter Templates plugin. This plugin gives you access to 280+ pre-made full website templates and individual pages for your favorite page builder such as Elementor, Beaver Builder and the Block Editor. Try it out on a free dummy site (https://bsf.io/starter-templates-demo). All you need to do is select the demo t...

Limit Login Attempts Reloaded

Dec 24, 2024, 17:12:41 Limit Login Attempts Reloaded (https://www.limitloginattempts.com) functions as a robust deterrent against brute force attacks (https://www.limitloginattempts.com/cracking-the-code-unveiling-the-mechanics-behind-brute-force-attacks/), bolstering your website’s security measures and optimizing its performance. It achieves this by restricting the number of login attempts allowed. This applies not only to the standard login...

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress

Dec 23, 2024, 10:12:37 Modern WordPress Membership Plugin for Ecommerce, Digital Downloads, User Profile, Registration & Login Form. ProfilePress (https://profilepress.com/?utm_source=wprepo&utm_medium=link&utm_campaign=liteversion) is a powerful ecommerce and paid membership plugin for accepting one-time and recurring payments, selling subscriptions and digital products or digital downloads (downloadable files) via Bank Transfer, Stripe, PayPal, RazorPay, Mollie & Paystac...

Loco Translate

Dec 20, 2024, 22:12:22 Loco Translate provides in-browser editing of WordPress translation files and integration with automatic translation services. It also provides Gettext/localization tools for developers, such as extracting strings and generating templates. Features include: Built-in translation editor within WordPress admin; Integration with translation APIs including DeepL, Google, Microsoft and Lecto AI; Create and update language files directly in your theme or plugin; ...

WP Super Cache

Dec 20, 2024, 22:12:17 This plugin generates static html files from your dynamic WordPress blog. After a html file is generated your webserver will serve that file instead of processing the comparatively heavier and more expensive WordPress PHP scripts. The static html files will be served to the vast majority of your users: Users who are not logged in. Users who have not left a comment on your blog. Or users who have not viewed a password protected post. 99% of your visitor...

Post Duplicator

Dec 17, 2024, 18:12:09 This plugin was created to make an exact duplicate of a selected post. Custom post types are supported, along with custom taxonomies and custom fields. *Note: Comments are not passed to the new post. This plugin is simply meant to quickly and easily duplicate a post. Just hover over a post in the edit screen and select ‘Duplicate {post_type}’ to create a duplicate post. I created this plugin mainly for myself when I’m developing WordPress sites. I always need dummy c...

Hello Dolly

Dec 12, 2024, 13:12:10 This is not just a plugin, it symbolizes the hope and enthusiasm of an entire generation summed up in two words sung most famously by Louis Armstrong: Hello, Dolly. When activated you will randomly see a lyric from Hello, Dolly in the upper right of your admin screen on every page. Thanks to Sanjib Ahmad for the artwork.