276 matches found
CVE-2025-2815 Administrator Z <= 2025.03.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
The Administrator Z plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the adminzimportbackup function in all versions up to, and including, 2025.03.24. This makes it possible for authenticated...
WordPress plugin Administrator Z 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exis...
WordPress BWL Advanced FAQ Manager plugin <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update vulnerability
Missing Authorization to Authenticated Subscriber+ Limited Arbitrary Options Update vulnerability discovered by Lucio Sá in WordPress Plugin BWL Advanced FAQ Manager versions = 2.1.4...
WordPress Altair theme <= 5.2.4 - Unauthenticated Arbitrary Options Update via pp_import_current vulnerability
Unauthenticated Arbitrary Options Update via ppimportcurrent vulnerability discovered by Tonn in WordPress Theme Altair versions = 5.2.4...
CVE-2025-2103 SoundRise Music <= 1.7 - Authenticated (Subscriber+) Arbitrary Options Update
The SoundRise Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on theironMusicajax function in all versions up to, and including, 1.6.11. This makes it possible for authenticated attackers, with...
WordPress LoginPress plugin <= 3.3.1 - Cross-Site Request Forgery to Arbitrary Options Update vulnerability
Cross-Site Request Forgery to Arbitrary Options Update vulnerability discovered by Carlos Ferreira in WordPress Plugin LoginPress versions = 3.3.1...
WordPress Industrial theme <= 1.7.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by Tonn in WordPress Theme Industrial versions = 1.7.8...
WordPress SoundRise Music plugin <= 1.7 - Authenticated (Subscriber+) Arbitrary Options Update vulnerability
Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by Tonn in WordPress Plugin SoundRise Music versions = 1.6.11...
WordPress Shortcode Cleaner Lite plugin <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Export vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Options Export vulnerability discovered by Krzysztof Zając in WordPress Plugin Shortcode Cleaner Lite versions = 1.0.9...
CVE-2025-1481
CVE-2025-1481 concerns the WordPress plugin Shortcode Cleaner Lite. Multiple connected sources confirm a missing capability check in download_backup() that can allow authenticated users with Subscriber-level access and above to export arbitrary options. Affected versions are all up to and includi...
WordPress plugin Shortcode Cleaner Lite 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress UiPress lite plugin <= 3.5.04 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by vgo0 in WordPress Plugin UiPress lite versions = 3.5.04...
CVE-2024-9195
The WHMPress - WHMCS Client Area plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updatesettings case in the /admin/ajax.php file in all versions up to, and including, 4.3-revision-3. This makes ...
CVE-2024-9195 WHMPress - WHMCS Client Area <= 4.3-revision-3- Authenticated (Subscriber+) Arbitrary Options Update
The WHMPress - WHMCS Client Area plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updatesettings case in the /admin/ajax.php file in all versions up to, and including, 4.3-revision-3. This makes ...
CVE-2024-9195
CVE-2024-9195 affects the WordPress plugin WHMPress — WHMCS Client Area (for WordPress) and is caused by a missing capability check on the update_settings operation in the file /admin/ajax.php . It allows authenticated attackers with Subscriber+ privileges to modify arbitrary options, potentially...
CVE-2024-9193
Summary: CVE-2024-9193 affects the WordPress WHMpress plugin (versions
WordPress WHMPress - WHMCS Client Area plugin <= 4.3-revision-3 - Authenticated (Subscriber+) Arbitrary Options Update vulnerability
WordPress WHMPress - WHMCS Client Area plugin = 4.3-revision-3 - Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by Tonn in WordPress Plugin WHMCS Client Area for WordPress by WHMpress versions = 4.3-revision-3...
WordPress WHMpress plugin <= 6.3-revision-0 - Unauthenticated Local File Inclusion to Arbitrary Options Update vulnerability
Unauthenticated Local File Inclusion to Arbitrary Options Update vulnerability discovered by Tonn in WordPress Plugin WHMpress versions = 6.3-revision-0...
WordPress Shopwarden plugin <= 1.0.11 - Cross-Site Request Forgery to Arbitrary Options Update vulnerability
Cross-Site Request Forgery to Arbitrary Options Update vulnerability discovered by Brian Sans-Souci liardom in WordPress Plugin Shopwarden versions = 1.0.11...
WordPress Option Editor plugin <= 1.0 - Cross-Site Request Forgery to Arbitrary Options Update vulnerability
Cross-Site Request Forgery to Arbitrary Options Update vulnerability discovered by Colin Xu in WordPress Plugin Option Editor versions = 1.0...