CVE-2026-10023

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.3 via the changeorderstatus, addordernote, deleteordernote,...

CVE-2026-2446

The PowerPack for LearnDash WordPress plugin before 1.3.0 does not have authorization and CRSF checks in an AJAX action, allowing unauthenticated users to update arbitrary WordPress options such as defaultrole etc and create arbitrary admin users...

CVE-2025-12525 Locker Content <= 1.0.0 - Unauthenticated Information Exposure

The Locker Content plugin for WordPress is vulnerable to Sensitive Information Exposure in version 1.0.0 via the 'lockercosubmitpost' AJAX endpoint. This makes it possible for unauthenticated attackers to extract content from posts that has been protected by the plugin...

CVE-2025-12426

The Quiz Maker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.7.0.80. This is due to the plugin exposing quiz answers through the aysquizcheckanswer AJAX action without proper authorization checks. The endpoint only validates a nonce,...

EUVD-2025-25718

Malicious code in bioql PyPI...

WordPress plugin RepairBuddy 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress plugin WooCommerce Order Status Change Notifier 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

CVE-2023-0619

The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset image...

CVE-2022-2369

The YaySMTP WordPress plugin before 2.2.1 does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin...

WordPress的Video Conferencing with Zoom插件信息泄露漏洞

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An information disclosure vulnerability exists in WordPress Video Conferencing with Zoom Plugin prior to versi...