Skip to main content
CVE-2025-10484 CRITICAL Act Now

The WooCommerce mobile phone registration plugin has an authentication bypass vulnerability allowing unauthenticated attackers to log in as any user, including administrators, with EPSS 0.42%.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-15403 CRITICAL Act Now

The RegistrationMagic WordPress plugin up to version 6.0 allows unauthenticated privilege escalation, enabling attackers to create admin accounts and take over WordPress sites.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy