44 matches found

Patchstack
added 2026/05/14 7:53 p.m. | 3 views

WordPress Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin <= 5.3.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification vulnerability

Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification vulnerability discovered by momopon1415 in WordPress Plugin Classified Listing versions <= 5.3.10...

CVSS 4.3 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/05/01 7:18 p.m. | 4 views

WordPress FundPress – WordPress Donation Plugin plugin <= 2.0.8 - Missing Authorization to Unauthenticated Arbitrary Donation Status Modification vulnerability

Missing Authorization to Unauthenticated Arbitrary Donation Status Modification vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin FundPress versions <= 2.0.8...

CVSS 5.3 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/04/21 9:21 a.m. | 1 views

WordPress Responsive Blocks – Page Builder for Blocks & Patterns plugin 2.0.9-2.2.1 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification vulnerability

Missing Authorization to Authenticated (Contributor+) Arbitrary Modification vulnerability discovered by Even S in WordPress Plugin Responsive Blocks versions 2.0.9-2.2.1...

CVSS 4.3 | AI score 5.8 | EPSS 0.0004
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/04/09 11:26 p.m. | 2 views

WordPress Ziggeo plugin <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via 'ziggeo_ajax' AJAX Action vulnerability

Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via 'ziggeo_ajax' AJAX Action vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Ziggeo versions <= 3.1.1...

CVSS 5.4 | AI score 5.9 | EPSS 0.0007
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2026/03/21 3:26 a.m. | 19 views

CVE-2026-4127

CVE-2026-4127: The Speedup Optimization WordPress plugin is vulnerable up to version 1.5.9 due to Missing Authorization in the speedup01_ajax_enabled() AJAX handler, which lacks current_user_can() checks and nonce verification. This differs from other handlers in the same plugin and enables authe...

CVSS 4.3 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 5
Cvelist
added 2026/03/21 3:26 a.m. | 27 views

CVE-2026-4127 Speedup Optimization <= 1.5.9 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update via 'speedup01_enabled' AJAX Action

The Speedup Optimization plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.5.9. The speedup01_ajax_enabled function, which handles the wp_ajax_speedup01_enabled AJAX action, does not perform any capability check via current_user_can and also lacks nonce...

CVSS 4.3 | EPSS 0.00042
Exploits: 0 | References: 5
Vulnrichment
added 2026/03/21 3:26 a.m. | 1 views

CVE-2026-4127 Speedup Optimization <= 1.5.9 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update via 'speedup01_enabled' AJAX Action

The Speedup Optimization plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.5.9. The speedup01_ajax_enabled function, which handles the wp_ajax_speedup01_enabled AJAX action, does not perform any capability check via current_user_can and also lacks nonce...

CVSS 4.3 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 5
Patchstack
added 2026/03/20 2:30 a.m. | 4 views

WordPress RockPress plugin <= 1.0.17 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via AJAX Actions vulnerability

Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via AJAX Actions vulnerability discovered by Poli - CMC Global in WordPress Plugin RockPress versions <= 1.0.17...

CVSS 5.3 | AI score 5.8 | EPSS 0.00022
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/02/04 11:52 a.m. | 6 views

WordPress MyRewards plugin <= 5.6.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Tharadol Suksamran d3kc4rt1 in WordPress Plugin MyRewards versions <= 5.6.1...

CVSS 6.5 | AI score 5.4 | EPSS 0.00012
Exploits: 2 | References: 1 | Affected Software: 1
OSV
added 2025/12/15 8:15 p.m. | 1 views

GO-2025-4220 memos vulnerability allows arbitrary modification or deletion of registered identity providers in github.com/usememos/memos

memos vulnerability allows arbitrary modification or deletion of registered identity providers in github.com/usememos/memos...

CVSS 6.5 | AI score 6.9 | EPSS 0.00129
Exploits: 1 | References: 7
Vulnrichment
added 2025/12/15 2:25 p.m. | 4 views

CVE-2025-14003 Image Gallery – Photo Grid & Video Gallery <= 2.13.3 - Missing Authorization to Authenticated (Author+) Arbitrary Gallery Modification

The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the addimagestogallerycallback function in all versions up to, and including, 2.13.3. This makes it possible for authenticated attackers, wit...

CVSS 4.3 | AI score 4.9 | EPSS 0.00036
Exploits: 0 | References: 2
Vulnrichment
added 2025/10/28 12:0 a.m. | 3 views

CVE-2025-60354

Unauthorized modification of arbitrary articles vulnerability exists in blog-vue-springboot...

AI score 6.7 | EPSS 0.00039
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-45874

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 7.6 | EPSS 0.00073
Exploits: 0 | References: 1
Vulnrichment
added 2025/08/21 12:0 a.m. | 2 views

CVE-2025-55367

Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account...

AI score 7.1 | EPSS 0.00084
Exploits: 1 | References: 3
RedhatCVE
added 2025/05/23 4:35 a.m. | 7 views

CVE-2023-41372

The vulnerability allows an unprivileged untrusted third-party application to arbitrarily modify the server settings of the Android Client application, inducing it to connect to an attacker-controlled malicious server. This is possible by forging a valid broadcast intent encrypted with a hardcode...

CVSS 7.8 | AI score 6.9 | EPSS 0.00073
Exploits: 0
RedhatCVE
added 2025/03/15 2:17 a.m. | 5 views

CVE-2025-25382

An issue in the Property Tax Payment Portal in Information Kerala Mission SANCHAYA v3.0.4 allows attackers to arbitrarily modify payment amounts via a crafted request...

CVSS 7.5 | AI score 6.7 | EPSS 0.0019
Exploits: 1 | References: 1
NVD
added 2025/03/10 4:15 p.m. | 9 views

CVE-2025-25382

An issue in the Property Tax Payment Portal in Information Kerala Mission SANCHAYA v3.0.4 allows attackers to arbitrarily modify payment amounts via a crafted request...

CVSS 7.5 | EPSS 0.0019
Exploits: 1 | References: 2
CNNVD
added 2025/03/10 12:0 a.m. | 1 views

Information Kerala Mission SANCHAYA Security Vulnerability

Information Kerala Mission SANCHAYA is a web-based application of the Information Kerala Mission Government of India department through which citizens can check their tax dues. A security vulnerability exists in Information Kerala Mission SANCHAYA v3.0.4. An attacker can exploit the vulnerability...

CVSS 7.5 | AI score 6.5 | EPSS 0.0019
Exploits: 1 | References: 1
Cvelist
added 2025/03/10 12:0 a.m. | 9 views

CVE-2025-25382

An issue in the Property Tax Payment Portal in Information Kerala Mission SANCHAYA v3.0.4 allows attackers to arbitrarily modify payment amounts via a crafted request...

EPSS 0.0019
Exploits: 1 | References: 2
Vulnrichment
added 2024/10/09 12:0 a.m. | 11 views

CVE-2024-46307

A loophole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products...

AI score 6.8 | EPSS 0.0031
Exploits: 1 | References: 3