128 matches found
CVE-2026-3546
The CVE concerns the WordPress plugin e-shot form builder (≤ v1.0.2). The vulnerable component is eshot_form_builder_get_account_data(), registered as a wp_ajax_ AJAX handler accessible to all authenticated users. The function lacks capability checks (no current_user_can) and does not verify a no...
PT-2026-26858
Name of the Vulnerable Software and Affected Versions e-shot form builder plugin for WordPress versions up to and including 1.0.2 Description The e-shot form builder plugin for WordPress is susceptible to exposure of sensitive information. The eshot form builder get account data function,...
CVE-2026-2888
The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all versions up to, and including, 6.28. This is due to the frmstrpamount AJAX handler updateintentajax overwriting the global $POST data with attacker-controlled JSON input and then...
CVE-2026-2888 Formidable Forms <= 6.28 - Unauthenticated Payment Amount Manipulation via 'item_meta' Parameter
The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all versions up to, and including, 6.28. This is due to the frmstrpamount AJAX handler updateintentajax overwriting the global $POST data with attacker-controlled JSON input and then...
WordPress plugin Formidable Forms 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-3222
The WP Maps plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'locationid' parameter in all versions up to, and including, 4.9.1. This is due to the plugin's database abstraction layer FlipperCodeModelBase::iscolumn treating user input wrapped in backticks as column...
CVE-2026-3222
WP Maps plugin for WordPress is vulnerable to a time-based blind SQL injection via the location_id parameter in versions up to 4.9.1. Root cause: the database abstraction layer (FlipperCode_Model_Base::is_column()) accepts user input wrapped in backticks as column names, bypassing esc_sql(). Addi...
CVE-2026-3453 ProfilePress <= 4.16.11 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration
The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...
CVE-2026-2371
Summary (CVE-2026-2371) The Greenshift – animation and page builder blocks WordPress plugin versions up to and including 12.8.3 are vulnerable to an insecure direct object reference in the gspb_el_reusable_load AJAX handler. The handler accepts an arbitrary post_id and renders the content of any ...
CVE-2026-2371 Greenshift <= 12.8.3 - Missing Authorization to Unauthenticated Private Reusable Block Disclosure via 'gspb_el_reusable_load'
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 12.8.3. This is due to missing authorization and post status validation in the gspbelreusableload AJAX handler. The handler accepts an...
CVE-2026-28557
The vulnerability CVE-2026-28557 affects wpForo Forum 2.4.14, due to a missing capability check in the wpforo_synch_roles AJAX handler. Any authenticated user can access the usergroups admin page to obtain a nonce and bulk-remap all wpForo usergroups to arbitrary WordPress roles, enabling privile...
CVE-2026-28555 wpForo Forum 2.4.14 Missing Authorization via Topic Close AJAX Handler
wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to close or reopen any forum topic via the wpforocloseajax handler. Attackers submit a valid nonce with an arbitrary topic ID to bypass the moderator permission requirement and disrupt forum...
CVE-2026-28554
wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to approve or unapprove any forum post via the wpforoapproveajax AJAX handler. Attackers exploit the nonce-only check by submitting a valid nonce with an arbitrary post ID to bypass moderation...
CVE-2026-1929 Advanced Woo Labels <= 2.37 - Authenticated (Contributor+) Remote Code Execution via 'callback' Parameter
The Advanced Woo Labels plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.37. This is due to the use of calluserfuncarray with user-controlled callback and parameters in the getselectoptionvalues AJAX handler without an allowlist of permitted...
CVE-2026-2385 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.7 - Unauthenticated Email Relay
The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.4.7. This is due to the plugin decrypting and trusting...
CVE-2026-27174
MajorDoMo aka Major Domestic Module allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to continue past a redirect call that lacks an exit statement, allowing unauthenticated requests to reach th...
CVE-2026-27174 MajorDoMo Unauthenticated Remote Code Execution via Admin Console Eval
MajorDoMo aka Major Domestic Module allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to continue past a redirect call that lacks an exit statement, allowing unauthenticated requests to reach th...
CVE-2026-2386
The Plus Addons for Elementor vulnerability (CVE-2026-2386) affects WordPress plugin The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce. It relies on tpae_create_page() AJAX handler which authorizes only current_user_can('edit_posts') but passes ...
PT-2026-20510
Name of the Vulnerable Software and Affected Versions MajorDoMo affected versions not specified Description An include order bug in modules/panel.class.php allows execution to continue past a redirect call that lacks an exit statement. This enables unauthenticated requests to reach the ajax handl...
MajorDoMo 代码注入漏洞
MajorDoMo is an open-source DIY smart home automation platform developed by the MajorDoMo community. There is a code injection vulnerability in MajorDoMo. This vulnerability stems from an error in the inclusion order of modules/panel.class.php, which causes the execution to continue after a...