27 matches found
CVE-2026-9599
The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the admin_init function. This makes it possible for unauthenticated attackers to modify the plugin's settings,...
EUVD-2026-33894
The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the admin_init function. This makes it possible for unauthenticated attackers to modify the plugin's settings,...
PT-2026-45712
The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the admin_init function. This makes it possible for unauthenticated attackers to modify the plugin's settings,...
CVE-2025-14173
The Perfit WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. This is due to missing authorization checks on the logout function called via the actions function hooked to admin_init. This makes it possible for unauthenticated...
CVE-2025-14173 Perfit WooCommerce <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletion
The Perfit WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. This is due to missing authorization checks on the logout function called via the actions function hooked to admin_init. This makes it possible for unauthenticated...
CVE-2025-13441
The Hide Category by User Role for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.3.1. This is due to a missing capability check on the admin_init hook that executes wp_cache_flush. This makes it possible for unauthenticated attackers ...
PT-2025-48240
The Hide Category by User Role for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.3.1. This is due to a missing capability check on the admin_init hook that executes wp_cache_flush. This makes it possible for unauthenticated attacke...
WordPress IP2Location Country Blocker plugin <= 2.38.8 - Missing Authorization to Unauthenticated Information Exposure via admin_init Function vulnerability
Missing Authorization to Unauthenticated Information Exposure via admin_init Function vulnerability discovered by abrahack in WordPress Plugin Download IP2Location Country Blocker versions <= 2.38.8...
PT-2024-10851 · WordPress · Woocommerce Smart Coupons
Name of the Vulnerable Software and Affected Versions: WooCommerce Smart Coupons plugin for WordPress versions up to, and including, 4.6.0 Description: The issue is related to authorization bypass due to a missing capability check on the woocommerce coupon admin init function. This allows...
PT-2024-37168 · WordPress · Conditional Fields For Contact Form 7
Name of the Vulnerable Software and Affected Versions: Conditional Fields for Contact Form 7 plugin for WordPress versions up to, and including, 2.4.13 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the wpcf7cf admin init function...
CVE-2024-0779
The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation and CSRF checks in various functions hooked to admin_init, allowing unauthenticated users to call them and, for example, unlink arbitrary users' Instagram accounts...
Design/Logic Flaw
The Change Memory Limit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the adminlogic function hooked via admin_init in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update the memory...
WordPress Plugin Plugin Groups Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2024-16743 · WordPress · Plugin Groups
Name of the Vulnerable Software and Affected Versions: Plugin Groups plugin for WordPress versions up to, and including, 2.0.6 Description: The issue is related to a missing capability check on the admin_init function, which allows unauthenticated attackers to modify the plugin's settings. This c...
WordPress Plugin WP VR Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WP VR < 8.3.15 - Unauthenticated Plugin Downgrade leading to XSS
Description: The plugin does not have authorisation and CSRF checks in a function hooked to admin_init, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities. v3.8.15 partially fixed the issue as the wrong capability chec...
CVE-2023-5652
The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, and does not escape user input before using it in a SQL statement of a function hooked to admin_init, allowing unauthenticated users to perform SQL injections...
CVE-2021-4355
The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the downloadorderdetaillist, changeorderlist, and downloadmemberlist functions called via admin_init hooks in versions up to, and including, 2.2.7. This makes it possible for...
WordPress Plugin Welcart e-Commerce Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL. WordPress plugin i...