276 matches found
WordPress plugin Gutena Forms 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-2446 Powerpack for LearnDash < 1.3.0 - Unauthenticated Arbitrary Option Update
The PowerPack for LearnDash WordPress plugin before 1.3.0 does not have authorization and CRSF checks in an AJAX action, allowing unauthenticated users to update arbitrary WordPress options such as defaultrole etc and create arbitrary admin users...
CVE-2026-0912 Toret Manager <= 1.2.7 - Authenticated (Subscriber+) Arbitrary Options Update via AJAX actions
The Toret Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'trmansaveoption' function and on the 'trmansaveoptionitems' in all versions up to, and including, 1.2.7. This makes it possible...
CVE-2025-15041
The CVE refers to BackWPup – WordPress Backup & Restore Plugin for WordPress, where a missing capability check in save_site_option() in versions
CVE-2025-15041 BackWPup <= 5.6.2 - Authenticated (BackWPup Helper+) Privilege Escalation via Arbitrary Options Update
The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the savesiteoption function in all versions up to, and including, 5.6.2. This makes it possible for...
WordPress BackWPup plugin <= 5.6.2 - Authenticated (BackWPup Helper+) Privilege Escalation via Arbitrary Options Update vulnerability
Authenticated BackWPup Helper+ Privilege Escalation via Arbitrary Options Update vulnerability discovered by 0N0ise - cert.pl in WordPress Plugin BackWPup versions = 5.6.2...
WordPress plugin Toret Manager 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress Toret Manager plugin <= 1.2.7 - Authenticated (Subscriber+) Arbitrary Options Update via AJAX actions vulnerability
Authenticated Subscriber+ Arbitrary Options Update via AJAX actions vulnerability discovered by vgo0 in WordPress Plugin Toret Manager versions = 1.2.7...
CVE-2026-1937 YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action
The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the yaymailimportstate AJAX action in all versions up to, and including, 4.3.2. This makes it possible for...
WordPress YayMail plugin <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action vulnerability
Missing Authorization to Authenticated Shop Manager+ Arbitrary Options Update via 'yaymailimportstate' AJAX Action vulnerability discovered by whizzu in WordPress Plugin YayMail – WooCommerce Email Customizer versions = 4.3.2...
CVE-2025-15157
The CVE applies to the WordPress plugin Starfish Review Generation & Marketing (WordPress
WordPress WCFM - WooCommerce Frontend Manager plugin <= 6.7.24 - Authenticated (Shop Manager+) Arbitrary Options Update vulnerability
WordPress WCFM - WooCommerce Frontend Manager plugin = 6.7.24 - Authenticated Shop Manager+ Arbitrary Options Update vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - cyberdogzmarketing.com | krei.dev | ogbuilders.io in WordPress Plugin WCFM – Frontend Manager for WooCommerce versions...
CVE-2026-0845 WCFM - WooCommerce Frontend Manager <= 6.7.24 - Authenticated (Shop Manager+) Arbitrary Options Update
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'WCFMSettingsController::processing' function in...
CVE-2026-0845 WCFM - WooCommerce Frontend Manager <= 6.7.24 - Authenticated (Shop Manager+) Arbitrary Options Update
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'WCFMSettingsController::processing' function in...
WordPress ElementInvader Addons for Elementor plugin <= 1.3.1 - Missing Authorization to Arbitrary Options Read vulnerability
Missing Authorization to Arbitrary Options Read vulnerability discovered by Francesco Carlucci in WordPress Plugin ElementInvader Addons for Elementor versions = 1.3.1...
WordPress Post Grid Gutenberg Blocks and WordPress Blog Plugin - PostX plugin <= 4.1.2 - Missing Authorization to Arbitrary Options Update vulnerability
WordPress Post Grid Gutenberg Blocks and WordPress Blog Plugin - PostX plugin = 4.1.2 - Missing Authorization to Arbitrary Options Update vulnerability discovered by 1337Wannabe - home in WordPress Plugin PostX versions = 4.1.2...
CVE-2025-13471
The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...
CVE-2025-13471
CVE-2025-13471 affects the WordPress plugin User Activity Log (
CVE-2025-13471 User Activity Log <= 2.2 - Unauthenticated Limited Arbitrary Option Update
The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...
CVE-2025-13471 User Activity Log <= 2.2 - Unauthenticated Limited Arbitrary Option Update
The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...