WordPress WP Subscribe plugin <= 1.2.16 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WP Subscribe versions = 1.2.16...

CVE-2026-24522

Missing Authorization vulnerability in MyThemeShop WP Subscribe wp-subscribe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscribe: from n/a through = 1.2.16...

CVE-2026-24522 WordPress WP Subscribe plugin <= 1.2.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in MyThemeShop WP Subscribe wp-subscribe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscribe: from n/a through = 1.2.16...

CVE-2026-24522

Missing Authorization vulnerability in MyThemeShop WP Subscribe wp-subscribe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscribe: from n/a through = 1.2.16...

CVE-2026-24522

CVE-2026-24522 describes a Missing Authorization (broken access control) vulnerability in MyThemeShop WP Subscribe (wp-subscribe), affecting WP Subscribe versions up to 1.2.16. The CVSS 3.1 base score is 4.3 (Medium) with network attack, low exploit complexity, and low confidentiality impact. The...

WordPress plugin WP Subscribe has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

PT-2026-4372

Name of the Vulnerable Software and Affected Versions MyThemeShop WP Subscribe versions through 1.2.16 Description An authorization issue exists in MyThemeShop WP Subscribe wp-subscribe, allowing exploitation due to incorrectly configured access control security levels. Recommendations Update WP...

CVE-2025-68497

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Astra Widgets astra-widgets allows Stored XSS.This issue affects Astra Widgets: from n/a through = 1.2.16...

EUVD-2025-205210

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Astra Widgets astra-widgets allows Stored XSS.This issue affects Astra Widgets: from n/a through = 1.2.16...

CVE-2025-68497

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Astra Widgets astra-widgets allows Stored XSS.This issue affects Astra Widgets: from n/a through = 1.2.16...

CVE-2025-68497 WordPress Astra Widgets plugin <= 1.2.16 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Astra Widgets astra-widgets allows Stored XSS.This issue affects Astra Widgets: from n/a through = 1.2.16...

CVE-2025-68497 WordPress Astra Widgets plugin <= 1.2.16 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Astra Widgets astra-widgets allows Stored XSS.This issue affects Astra Widgets: from n/a through = 1.2.16...

WordPress plugin Astra Widgets 安全漏洞

WordPress Astra Widgets plugin is a widgets extension plugin developed by the Astra Themes team to enhance the functionality of Astra themes. WordPress Astra Widgets plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping...

WordPress WP CarDealer plugin <= 1.2.16 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Foxyyy in WordPress Plugin WP CarDealer versions = 1.2.16...

CVE-2025-13764

The WP CarDealer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.16. This is due to the 'WPCarDealerUser::processregister' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers t...

CVE-2025-13764 WP CarDealer <= 1.2.16 - Unauthenticated Privilege Escalation

The WP CarDealer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.16. This is due to the 'WPCarDealerUser::processregister' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers t...

CVE-2025-13764

The CVE-2025-13764 entry affects the WordPress WP CarDealer plugin. The vulnerability exists in all versions up to and including 1.2.16 due to the WP_CarDealer_User::process_register function not restricting which user roles can be assigned during registration. As a result, unauthenticated attack...

CVE-2025-13764 WP CarDealer <= 1.2.16 - Unauthenticated Privilege Escalation

The WP CarDealer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.16. This is due to the 'WPCarDealerUser::processregister' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers t...

PT-2025-50569

The WP CarDealer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.16. This is due to the 'WP CarDealer User::process register' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attacker...

CVE-2025-12920

A flaw has been found in qianfox FoxCMS up to 1.2.16. Affected by this vulnerability is the function add/edit of the file app/admin/controller/Product.php. This manipulation of the argument Title causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been...