Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total5
Critical3
High0
Medium2
Reset
Showing 1-5 of 5 records
Threat Entry Updated 2025-02-11

CVE-2025-0181 - Wp Foodbakery Plugin

The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.7. This is due to the plugin not properly validating a user's identity prior to setting the current user and their authentication cookie. This makes it possible for unauthenticated attackers to gain access to a target user's (e.g. administrators) account.

PLUGIN Wp Foodbakery

CVE-2025-0181

CRITICAL CVSS 9.8 2025-02-11
Open Full Technical Breakdown
Threat Entry Updated 2025-02-11

CVE-2025-0180 - Wp Foodbakery Plugin

The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated attackers to register on the site as an administrator.

PLUGIN Wp Foodbakery

CVE-2025-0180

CRITICAL CVSS 9.8 2025-02-11
Open Full Technical Breakdown
Threat Entry Updated 2025-02-10

CVE-2024-13011 - Wp Foodbakery Plugin

The WP Foodbakery plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'upload_publisher_profile_image' function in versions up to, and including, 4.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

PLUGIN Wp Foodbakery

CVE-2024-13011

CRITICAL CVSS 9.8 2025-02-10
Open Full Technical Breakdown
Threat Entry Updated 2025-02-10

CVE-2024-13010 - Wp Foodbakery Plugin

The WP Foodbakery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.7 due to insufficient input sanitization and output escaping on the 'search_type' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Wp Foodbakery

CVE-2024-13010

MEDIUM CVSS 6.1 2025-02-10
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-24389 - Wp Foodbakery Plugin

The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery WordPress theme before 2.2 did not properly sanitize the foodbakery_radius parameter before outputting it back in the response, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability.

PLUGIN Wp Foodbakery

CVE-2021-24389

MEDIUM CVSS 6.1 2021-07-06
Open Full Technical Breakdown
Scroll to top