CVE-2025-70141
SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not enforce authentication or authorization before invoking administrative methods in adminclass.php based on the action parameter. An unauthenticated remote attacke...
CVE-2025-15524 Gallery by FooGallery <= 3.1.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Gallery Metadata Exposure
The Gallery by FooGallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax_get_gallery_info function in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above,...
EUVD-2013-2579
Malware in sbrugna...
Exploit for CVE-2025-47646
🔐 CVE-2025-47646 – PSW Front-end Login & Registration pswfo...
WordPress plugin Royal Elementor Addons and Templates security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...
CVE-2023-6077
The Slider WordPress plugin before 3.5.12 does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated user, such as a subscriber, to access the content of arbitrary posts such as private, draft and password protect...
PT-2022-24569 · WordPress · The Car Dealer (Dealership)/Vehicle Sales Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: The Car Dealer Dealership and Vehicle sales WordPress Plugin versions prior to 3.05
Description: The issue is related to improper authorization and CSRF in an AJAX action. This allows any authenticated users, such as subscribers, to call the...
PT-2022-21090 · WordPress · Soledad
Name of the Vulnerable Software and Affected Versions: Soledad WordPress theme versions prior to 8.2.5
Description: The issue arises from the lack of sanitization of certain parameters, including id and datafiltertype, in the penci_more_slist_post_ajax AJAX action. This leads to a Reflected...
PT-2022-16249 · WordPress · Directorist
Name of the Vulnerable Software and Affected Versions: Directorist WordPress plugin versions prior to 7.3.1
Description: The issue concerns the disclosure of email addresses of all users through an AJAX action. This action is accessible to both unauthenticated and any authenticated users...
CVE-2022-1656
Vulnerable versions of the JupiterX Theme (<= 2.0.6) allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant access to the jupiterx_api_ajax actions registered by the JupiterX Core Plugin (<= 2.0.6). This includes the...
CVE-2020-12073
The responsive-add-ons plugin before 2.2.7 for WordPress has incorrect access control for wp-admin/admin-ajax.php?action= requests...
VulnCheck KEV: CVE-2014-9735
The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for WordPress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an...