Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total5
Critical4
High0
Medium1
Reset
Showing 1-5 of 5 records
Threat Entry Updated 2025-11-04

CVE-2025-11008 - Ce21 Suite Plugin

The CE21 Suite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.1 via the log file. This makes it possible for unauthenticated attackers to extract sensitive data including authentication credentials, which can be used to log in as other users as long as they have used the plugin's custom authentication feature before. This may include administrators, which makes a complete site takeover possible.

PLUGIN Ce21 Suite

CVE-2025-11008

CRITICAL CVSS 9.8 2025-11-04
Open Full Technical Breakdown
Threat Entry Updated 2025-11-04

CVE-2025-11007 - Ce21 Suite Plugin

The CE21 Suite plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the wp_ajax_nopriv_ce21_single_sign_on_save_api_settings AJAX action in versions 2.2.1 to 2.3.1. This makes it possible for unauthenticated attackers to update the plugin's API settings including a secret key used for authentication. This allows unauthenticated attackers to create new admin accounts on an affected site.

PLUGIN Ce21 Suite

CVE-2025-11007

CRITICAL CVSS 9.8 2025-11-04
Open Full Technical Breakdown
Threat Entry Updated 2025-01-29

CVE-2024-10285 - Ce21 Suite Plugin

The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to log in the user associated with the JWT token.

PLUGIN Ce21 Suite

CVE-2024-10285

CRITICAL CVSS 9.8 2024-11-09
Open Full Technical Breakdown
Threat Entry Updated 2025-01-29

CVE-2024-10294 - Ce21 Suite Plugin

The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21_single_sign_on_save_api_settings' function in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to change plugin settings.

PLUGIN Ce21 Suite

CVE-2024-10294

MEDIUM CVSS 6.5 2024-11-09
Open Full Technical Breakdown
Threat Entry Updated 2025-01-29

CVE-2024-10284 - Ce21 Suite Plugin

The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21_authentication_phrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.

PLUGIN Ce21 Suite

CVE-2024-10284

CRITICAL CVSS 9.8 2024-11-09
Open Full Technical Breakdown
Scroll to top