VulnCheck KEV: CVE-2025-15403

The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is due to the 'addmenu' function is accessible via the 'rmuserexists' AJAX action and allows arbitrary updates to the 'adminorder' setting. This makes it possible f...

CVE-2026-4024 Royal Addons for Elementor <= 1.7.1056 - Missing Authorization to Unauthenticated Form Action Meta Modification

The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. The handler is registered on both wpajax and wpajaxnopriv hooks, maki...

SourceCodester Pharmacy Sales and Inventory System 注入漏洞

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System has a SQL injection vulnerability, which arises from incorrect handling of the...

VulnCheck KEV: CVE-2026-1969

The trxaddons WordPress plugin before 2.38.5 does not correctly validate file types in one of its AJAX action, allowing unauthenticated users to upload arbitrary file. This is due to an incorrect fix of CVE-2024-13448...

CVE-2026-7088 SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=savereceiving. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit...

CVE-2026-5488

The CVE-2026-5488 issue affects the ExactMetrics – Google Analytics Dashboard for WordPress plugin (WordPress). It stems from missing capability checks in two AJAX handlers (get_ads_access_token() and reset_experience()), allowing authenticated users with subscriber-level access or higher to retr...

CVE-2026-4280

The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwpajaxform AJAX endpoint lacking both authorization checks and CSRF verification, combined with insufficient path validation when the brnwptheme option...

CVE-2026-4128

The TP Restore Categories And Taxonomies plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. The deleteterm function, which handles the 'tpmcatttdeleteterm' AJAX action, does not perform any capability check e.g., currentusercan to verify the...

CVE-2026-4128 TP Restore Categories And Taxonomies <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Taxonomy Deletion via 'tpmcattt_delete_term' AJAX Action

The TP Restore Categories And Taxonomies plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. The deleteterm function, which handles the 'tpmcatttdeleteterm' AJAX action, does not perform any capability check e.g., currentusercan to verify the...

CVE-2026-6396 Fast & Fancy Filter – 3F <= 1.2.2 - Cross-Site Request Forgery to Settings Modification via fff_save_settins AJAX Action

The Fast & Fancy Filter – 3F plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce verification in the saveFields function, which handles the fffsavesettins AJAX action. This makes it possible for unauthenticated...

CVE-2026-4140 Ni WooCommerce Order Export <= 3.1.6 - Cross-Site Request Forgery to Settings Update via ni_order_export_action AJAX Action

The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.1.6. This is due to missing nonce validation in the niorderexportaction AJAX handler function. The handler processes settings updates when the 'page' parameter is...

CVE-2026-4140 Ni WooCommerce Order Export <= 3.1.6 - Cross-Site Request Forgery to Settings Update via ni_order_export_action AJAX Action

The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.1.6. This is due to missing nonce validation in the niorderexportaction AJAX handler function. The handler processes settings updates when the 'page' parameter is...

PT-2026-34291

The TP Restore Categories And Taxonomies plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. The delete term function, which handles the 'tpmcattt delete term' AJAX action, does not perform any capability check e.g., current user can to verify...

CVE-2026-3642

The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshotformbuilderupdatefielddata AJAX handler lacks any capability checks currentusercan or nonce verification checkajaxreferer/wpverifynonce. The function is...

CVE-2026-1572

The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 9.0. This is due to missing authorization checks on the AJAX handler laeadminajax and insufficient...

PT-2026-33267

Name of the Vulnerable Software and Affected Versions AcyMailing versions 9.11.0 through 10.8.1 Description A missing capability check on the 'wp ajax acymailing router' AJAX handler allows authenticated attackers with Subscriber-level access or higher to access admin-only controllers, including...

CVE-2026-3642

The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshotformbuilderupdatefielddata AJAX handler lacks any capability checks currentusercan or nonce verification checkajaxreferer/wpverifynonce. The function is...

CVE-2026-3649 Katalogportal-pdf-sync Widget <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via 'katalogportal_shortcodePrinter' AJAX Action

The Katalogportal PDF Sync plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.0. The katalogportalpopupshortcode function is registered as an AJAX handler via wpajaxkatalogportalshortcodePrinter but lacks any capability check currentusercan or nonc...

CVE-2026-4002

CVE-2026-4002 affects the Petje.af WordPress plugin (versions

CVE-2026-4365

The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the deletequestionanswer function in all versions up to, and including, 4.3.2.8. The plugin exposes a wprest nonce in public frontend HTML lpData to unauthenticated visitors, and...