276 matches found
WordPress GenerateBlocks plugin <= 2.1.1 - Improper Authorization to Authenticated (Contributor+) Arbitrary Options Disclosure vulnerability
Improper Authorization to Authenticated Contributor+ Arbitrary Options Disclosure vulnerability discovered by Lucas Montes Nirox in WordPress Plugin GenerateBlocks versions = 2.1.1...
EUVD-2021-34201
Malicious code in bioql PyPI...
EUVD-2023-43882
Malicious code in bioql PyPI...
EUVD-2025-12384
Malicious code in bioql PyPI...
CVE-2025-9054
The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'wcmlimsettingsajaxhandler' function in all versions up to, and including, 4.2.8...
CVE-2025-9054 MultiLoca - WooCommerce Multi Locations Inventory Management <= 4.2.8 - Missing Authorization to Unauthenticated Arbitrary Options Update via 'wcmlim_settings_ajax_handler'
The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'wcmlimsettingsajaxhandler' function in all versions up to, and including, 4.2.8...
CVE-2025-9054
CVE-2025-9054 affects the MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress. The issue is unauthorized modification of data due to a missing capability check in the wcmlim_settings_ajax_handler, impacting all versions up to 4.2.8. This allows unauthenticated attack...
CVE-2025-8423
The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mtswptremoveplugin and ajaxupdateexportcode functions in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with...
CVE-2025-8425 My WP Translate <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajaximportstrings function in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with...
CVE-2025-8423 My WP Translate <= 1.1 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Option Read and Deletion
The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mtswptremoveplugin and ajaxupdateexportcode functions in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with...
WordPress Platform theme < 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Options Update vulnerability
Missing Authorization to Unauthenticated Arbitrary Options Update vulnerability discovered by Marc-Alexandre Montpas in WordPress Theme Platform versions 1.4.4...
CVE-2023-3204
The Materialis theme for WordPress is vulnerable to limited arbitrary options updates in versions up to, and including, 1.1.24. This is due to missing authorization checks on the companiondisablepopup function called via an AJAX action. This makes it possible for authenticated attackers, with...
CVE-2025-39352 WordPress Grand Restaurant WordPress theme <= 7.0 - Arbitrary Options Deletion vulnerability
Missing Authorization vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grand Restaurant: from n/a through = 7.0...
CVE-2025-1279
CVE-2025-1279 affects the WordPress plugin BM Content Builder (versions up to 3.16.2.1). The issue is a missing capability check on the AJAX action ux_cb_tools_import_item_ajax , enabling authenticated users with Subscriber+ to perform unauthorized updates to arbitrary WordPress options. This can...
CVE-2025-3058
CVE-2025-3058 (Xelion Webchat, WordPress) affects the Xelion Webchat plugin for WordPress, up to and including version 9.1.0. The flaw is a missing capability check in the xwc_save_settings() function, enabling an authenticated attacker with Subscriber+ privileges to update arbitrary options. Doc...
WordPress Grand Restaurant WordPress theme <= 7.0 - Arbitrary Options Deletion vulnerability
Arbitrary Options Deletion vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Grand Restaurant versions = 7.0...
CVE-2025-3417 Embedder 1.3 - 1.3.5 - Authenticated (Subscriber+) Arbitrary Options Update
The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajaxsetglobaloption function in versions 1.3 to 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level acce...
CVE-2025-3063
The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajaxcallbackupdatesaoption function in versions 2.0 to 2.1. This makes it possible for authenticated attackers, with...
CVE-2025-2266
The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the cwmpUpdateOptions function in versions 8.6.5 to 8.7.5. This makes it possible for unauthenticated...
WordPress Administrator Z plugin <= 2025.03.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by kr0d in WordPress Plugin Administrator Z versions = 2025.03.24...