143 matches found
EUVD-2026-32545
Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addons Lite: from n/a through 3.9.6...
CVE-2026-49053 WordPress ElementsKit Elementor addons Lite plugin <= 3.9.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addons Lite: from n/a through 3.9.6...
CVE-2026-49053 WordPress ElementsKit Elementor addons Lite plugin <= 3.9.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addons Lite: from n/a through 3.9.6...
CVE-2026-49052
CVE-2026-49052 affects the WordPress ElementsKit Elementor addons Lite plugin up to version 3.9.6. The issue is described as a Missing Authorization/Broken Access Control vulnerability, caused by incorrectly configured access control security levels that potentially allow unauthorized actions wit...
EUVD-2026-32543
Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addons Lite: from n/a through 3.9.6...
WordPress ElementsKit Elementor addons Lite plugin <= 3.9.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Bonds in WordPress Plugin ElementsKit Elementor addons Lite versions = 3.9.6...
PT-2026-44027
Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addons Lite: from n/a through 3.9.6...
WordPress plugin ElementsKit Elementor addons Lite 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...
NPM: vm2: Mutable Proxies for Host Intrinsic Prototypes Allows Sandbox Escape
NPM: vm2: Mutable Proxies for Host Intrinsic Prototypes Allows Sandbox Escape vulnerability discovered by ? in WordPress Npm vm2 versions = 3.9.6, = 3.10.5...
📄 WordPress Tutor LMS 3.9.5 Insecure Direct Object Reference
WordPress Tutor LMS plugin versions 3.9.5 and below suffer from broken access control and insecure direct object reference vulnerabilities. CVE-2026-1375: Authenticated IDOR / Broken Access Control in Tutor LMS Plugin Disclaimer: This repository is created for educational purposes and ethical...
CVE-2026-1261
The MetForm Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Quiz feature in all versions up to, and including, 3.9.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
EUVD-2026-10478
The MetForm Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Quiz feature in all versions up to, and including, 3.9.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2026-1261
The MetForm Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Quiz feature in all versions up to, and including, 3.9.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2026-1261
The MetForm Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Quiz feature in all versions up to, and including, 3.9.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2026-1261 MetForm Pro <= 3.9.6 - Unauthenticated Stored Cross-Site Scripting
The MetForm Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Quiz feature in all versions up to, and including, 3.9.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
WordPress Tutor LMS plugin <= 3.9.6 - Unauthenticated SQL Injection via coupon_code vulnerability
Unauthenticated SQL Injection via couponcode vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Tutor LMS versions = 3.9.6...
CVE-2025-13673
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to SQL Injection via the 'couponcode' parameter in all versions up to, and including, 3.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2025-13673 Tutor LMS <= 3.9.6 - Unauthenticated SQL Injection via coupon_code
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to SQL Injection via the 'couponcode' parameter in all versions up to, and including, 3.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2025-13673
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to SQL Injection via the 'couponcode' parameter in all versions up to, and including, 3.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
PT-2026-6042
Name of the Vulnerable Software and Affected Versions Tutor LMS versions prior to 3.9.6 Description The Tutor LMS plugin for WordPress has a flaw where sensitive coupon details can be accessed without proper authorization. The issue stems from insufficient validation within the ajax coupon detail...