Ce21Com Ce21 Suite vulnerabilities
5 known vulnerabilities affecting ce21com/ce21_suite.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH2
Vulnerabilities
Page 1 of 1
CVE-2025-11007P2CRITICALCVSS 9.8≥ 2.2.1, ≤ 2.3.12025-11-04
CVE-2025-11007 [CRITICAL] CWE-306 CVE-2025-11007: The CE21 Suite plugin for WordPress is vulnerable to unauthorized plugin settings update due to a mi
The CE21 Suite plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the wp_ajax_nopriv_ce21_single_sign_on_save_api_settings AJAX action in versions 2.2.1 to 2.3.1. This makes it possible for unauthenticated attackers to update the plugin's API settings including a secret key used for authe
nvd
CVE-2024-10284P2CRITICALCVSS 9.8≤ 2.2.02024-11-09
CVE-2024-10284 [CRITICAL] CWE-288 CVE-2024-10284: The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and in
The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21_authentication_phrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to t
nvd
CVE-2025-11008P2CRITICALCVSS 9.8≤ 2.3.12025-11-04
CVE-2025-11008 [CRITICAL] CWE-532 CVE-2025-11008: The CE21 Suite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions
The CE21 Suite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.1 via the log file. This makes it possible for unauthenticated attackers to extract sensitive data including authentication credentials, which can be used to log in as other users as long as they have used the plugin's custo
nvd
CVE-2024-10294P3HIGHCVSS 7.5≤ 2.2.02024-11-09
CVE-2024-10294 [HIGH] CWE-862 CVE-2024-10294: The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a miss
The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21_single_sign_on_save_api_settings' function in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to change plugin settings.
nvd
CVE-2024-10285P3HIGHCVSS 7.5≤ 2.2.02024-11-09
CVE-2024-10285 [HIGH] CWE-200 CVE-2024-10285: The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin
The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to log in the user associated with the JWT token.
nvd