VYPR

Ce21 Suite

by WordPress

Source repositories

CVEs (6)

  • CVE-2025-11008CriNov 4, 2025
    risk 0.64cvss 9.8epss 0.00

    The CE21 Suite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.1 via the log file. This makes it possible for unauthenticated attackers to extract sensitive data including authentication credentials, which can be…

  • CVE-2025-11007CriNov 4, 2025
    risk 0.64cvss 9.8epss 0.00

    The CE21 Suite plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the wp_ajax_nopriv_ce21_single_sign_on_save_api_settings AJAX action in versions 2.2.1 to 2.3.1. This makes it possible for unauthenticated attackers to…

  • CVE-2024-54293CriDec 13, 2024
    risk 0.64cvss 9.8epss 0.01

    Incorrect Privilege Assignment vulnerability in CE21 CE21 Suite ce21-suite allows Privilege Escalation.This issue affects CE21 Suite: from n/a through <= 2.2.0.

  • CVE-2024-10284CriNov 9, 2024
    risk 0.57cvss 9.8epss 0.00

    The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21_authentication_phrase' function. This makes it possible for unauthenticated attackers to log in as any…

  • CVE-2024-10294Nov 9, 2024
    risk 0.00cvss epss 0.00

    The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21_single_sign_on_save_api_settings' function in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to…

  • CVE-2024-10285Nov 9, 2024
    risk 0.00cvss epss 0.01

    The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to log in the user associated with the JWT token.