Aggregates CVE and security vulnerability intelligence across all hmplugin-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk csrf and vendor risk path handling, with potential vendor impact file overwrite across vendor surface production workloads and vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-50459 | Missing Authorization vulnerability in Hossni Mubarak AidWP wp-stripe-donation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AidWP: from n/a through <= 3.2.3. | [email protected] | 5.3 | 0.74% | 2024-10-29 | 2026-04-23 |
| CVE-2023-48288 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP.This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through 2.1. | [email protected] | 7.5 | 0.62% | 2023-12-21 | 2026-04-28 |
| CVE-2023-29384 | Unrestricted Upload of File with Dangerous Type vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP.This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through 2.0. | [email protected] | 10.0 | 4.11% | 2023-12-20 | 2026-04-28 |
| CVE-2023-23705 | Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin WordPress Books Gallery plugin <= 4.4.8 versions. | [email protected] | 4.3 | 0.15% | 2023-05-23 | 2024-11-21 |
| CVE-2022-47422 | Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin Accept Stripe Donation – AidWP plugin <= 3.1.5 versions. | [email protected] | 4.3 | 0.15% | 2023-03-14 | 2024-11-21 |
| CVE-2021-24602 | The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page | [email protected] | 8.8 | 0.71% | 2021-08-23 | 2024-11-21 |