Exploit for CVE-2026-7465

CVE-2026-7465 - Spectra Gutenberg Blocks isregistered $block...

CVE-2026-4038

The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomaticcallaifunctionrealtime' function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers ...

WordPress Aimogen Pro plugin <= 2.7.5 - Unauthenticated Privilege Escalation via Arbitrary Function Call vulnerability

Unauthenticated Privilege Escalation via Arbitrary Function Call vulnerability discovered by Hung Nguyen yoriss - VN in WordPress Plugin Aimogen Pro versions = 2.7.5...

EUVD-2026-13522

The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomaticcallaifunctionrealtime' function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers ...

CVE-2026-4038 Aimogen Pro <= 2.7.5 - Unauthenticated Privilege Escalation via Arbitrary Function Call

The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomaticcallaifunctionrealtime' function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers ...

CVE-2026-4038 Aimogen Pro <= 2.7.5 - Unauthenticated Privilege Escalation via Arbitrary Function Call

The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomaticcallaifunctionrealtime' function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers ...

CVE-2026-4038

The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomaticcallaifunctionrealtime' function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers ...

WordPress Inpersttion For Theme plugin <= 1.0 - Authenticated (Contributor+) Arbitrary Function Call vulnerability

Authenticated Contributor+ Arbitrary Function Call vulnerability discovered by Peter Thaleikis in WordPress Plugin Inpersttion For Theme versions = 1.0...

CVE-2025-28993 WordPress Content No Cache plugin <= 0.1.4 - Arbitrary Function Call vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Jose Mortellaro Content No Cache content-no-cache allows Code Injection.This issue affects Content No Cache: from n/a through = 0.1.4...

CVE-2025-28993

CVE-2025-28993 concerns the WordPress plugin Content No Cache . The vulnerability is an Improper Control of Generation of Code (Code Injection) , allowing an arbitrary function call due to flaws in the plugin’s code generation logic. Affected versions are listed as up to 0.1.3 (n/a through 0.1.3)...

CVE-2025-47691 WordPress Ultimate Member plugin <= 2.10.3 - Arbitrary Function Call vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Ultimate Member Ultimate Member ultimate-member allows Code Injection.This issue affects Ultimate Member: from n/a through = 2.10.3...

CVE-2025-47691 WordPress Ultimate Member plugin <= 2.10.3 - Arbitrary Function Call vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Ultimate Member Ultimate Member allows Code Injection. This issue affects Ultimate Member: from n/a through 2.10.3...

WordPress Advanced Custom Fields PRO plugin <= 6.3.7 - Administrator+ Limited Arbitrary Function Call vulnerability

Administrator+ Limited Arbitrary Function Call vulnerability discovered by Automattic Security Team in WordPress Plugin Advanced Custom Fields PRO versions = 6.3.7...

WordPress Advanced Custom Fields plugin <= 6.3.6 - Administrator+ Limited Arbitrary Function Call vulnerability

Administrator+ Limited Arbitrary Function Call vulnerability discovered by Automattic Security Team in WordPress Plugin Advanced Custom Fields versions = 6.3.6...

CVE-2024-8268 Frontend Dashboard <= 2.2.4 - Authenticated (Subscriber+) Arbitrary Function Call

The Frontend Dashboard plugin for WordPress is vulnerable to unauthorized code execution due to insufficient filtering on callable methods/functions via the ajaxrequest function in all versions up to, and including, 2.2.4. This makes it possible for authenticated attackers, with subscriber-level...

WordPress Frontend Dashboard plugin <= 2.2.4 - Authenticated (Subscriber+) Arbitrary Function Call vulnerability

Authenticated Subscriber+ Arbitrary Function Call vulnerability discovered by Lucio Sá in WordPress Plugin Frontend Dashboard versions = 2.2.4...

CVE-2022-2314 VR Calendar < 2.3.2 - Unauthenticated Arbitrary Function Call

The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site...

WordPress VR Calendar plugin < 2.3.1 - Unauthenticated Arbitrary Function Call vulnerability

Unauthenticated Arbitrary Function Call vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress VR Calendar plugin versions 2.3.1. Solution Update the WordPress VR Calendar plugin to the latest available version at least 2.3.1...

VR Calendar < 2.3.2 - Unauthenticated Arbitrary Function Call

The plugin lets any user execute arbitrary PHP functions on the site. PoC https://example.com/wp-admin/admin-post.php?vrccmd=phpinfo...

CVE-2022-0885

The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments...