CVE-2026-5488

The CVE-2026-5488 issue affects the ExactMetrics – Google Analytics Dashboard for WordPress plugin (WordPress). It stems from missing capability checks in two AJAX handlers (get_ads_access_token() and reset_experience()), allowing authenticated users with subscriber-level access or higher to retr...

EUVD-2026-25393

The ExactMetrics – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 9.1.2. This is due to missing capability checks in the getadsaccesstoken and resetexperience AJAX handlers. While the mi-admin-nonce is localized...

WordPress ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) plugin <= 9.1.2 - Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval vulnerability

Authenticated Subscriber+ Missing Authorization to Google Ads Access Token Retrieval vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin ExactMetrics versions = 9.1.2...

PT-2026-34649

The ExactMetrics – Google Analytics Dashboard for WordPress Website Stats Plugin plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation in all versions up to, and including, 9.1.2. This is due to the reports page exposing the 'onboarding key' transient to...

CVE-2026-2931

The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9.1.2. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

EUVD-2026-16095

The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9.1.2. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

CVE-2025-69378

Incorrect Privilege Assignment vulnerability in XforWooCommerce Product Filter for WooCommerce prdctfltr allows Privilege Escalation.This issue affects Product Filter for WooCommerce: from n/a through = 9.1.2...

CVE-2025-69378

Incorrect Privilege Assignment vulnerability in XforWooCommerce Product Filter for WooCommerce prdctfltr allows Privilege Escalation.This issue affects Product Filter for WooCommerce: from n/a through = 9.1.2...

CVE-2025-69378 WordPress Product Filter for WooCommerce plugin <= 9.1.2 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in XforWooCommerce Product Filter for WooCommerce prdctfltr allows Privilege Escalation.This issue affects Product Filter for WooCommerce: from n/a through = 9.1.2...

CVE-2025-69378 WordPress Product Filter for WooCommerce plugin <= 9.1.2 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in XforWooCommerce Product Filter for WooCommerce prdctfltr allows Privilege Escalation.This issue affects Product Filter for WooCommerce: from n/a through = 9.1.2...

PT-2026-21159

Name of the Vulnerable Software and Affected Versions XforWooCommerce Product Filter for WooCommerce versions through 9.1.2 Description A privilege assignment issue exists in XforWooCommerce Product Filter for WooCommerce prdctfltr. This allows for privilege escalation. Recommendations Update...

WordPress plugin Product Filter for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

WordPress Product Filter for WooCommerce plugin <= 9.1.2 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Product Filter for WooCommerce versions = 9.1.2...

CVE-2025-67278

An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via a crafted HTTP request...

CVE-2025-67281

In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple SQL injection vulnerabilities exists which allow a low privileged and administrative user to access the database and its content...

CVE-2025-67278

An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via a crafted HTTP request...

CVE-2025-67281

In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple SQL injection vulnerabilities exists which allow a low privileged and administrative user to access the database and its content...

CVE-2024-39666

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 9.1.2...

CVE-2021-41021

A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command...

CVE-2025-67278

An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via a crafted HTTP request...