149 matches found
CVE-2025-13334 Blaze Demo Importer 1.0.0 - 1.0.13 - Missing Authorization to Authenticated (Subscriber+) Database Reset and File Deletion
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the "blazedemoimporterinstalldemo" function in all versions up to, and including, 1.0.13. This makes it possible for authenticated attackers, with...
WordPress PostGallery plugin <= 1.12.5 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Moose Love - Nagasaki Prefectural University in WordPress Plugin PostGallery versions = 1.12.5...
WordPress UiPress lite plugin <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by abrahack in WordPress Plugin UiPress lite versions = 3.5.08...
WordPress Return Refund and Exchange For WooCommerce plugin <= 4.5.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Order Message Read vulnerability
Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary Order Message Read vulnerability discovered by Powpy in WordPress Plugin Return Refund and Exchange For WooCommerce versions = 4.5.5...
WordPress Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO plugin <= 2.4.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Cryptocurrency Token, Launchpad Presale, ICO & IDO, Airdrop by TokenICO versions = 2.4.7...
WordPress Directorist plugin <= 8.5.2 - Missing Authorization to Authenticated (Subscriber+) Data Export and Slug Update vulnerability
Missing Authorization to Authenticated Subscriber+ Data Export and Slug Update vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Directorist versions = 8.5.2...
CVE-2025-12376
The Icon List Block – Add Icon-Based Lists with Custom Styles plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.1 via the fsapirequest function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-10295 Angel – Fashion Model Agency WordPress CMS Theme <= 3.2.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting
The Angel – Fashion Model Agency WordPress CMS Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting the profile media uploader in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
EUVD-2025-158262
The AI Engine plugin for WordPress is vulnerable to PHP Object Injection via PHAR Deserialization in all versions up to, and including, 3.1.8 via deserialization of untrusted input in the 'restsimpleTranscribeAudio' and 'restsimpleVisionQuery' functions. This makes it possible for authenticated...
CVE-2025-11168
CVE-2025-11168 (Mementor Core, WordPress) The vulnerability affects Mementor Core plugin for WordPress versions up to 2.2.5. It stems from improper handling of the user switch-back function, enabling authenticated attackers with Subscriber-level access or higher to escalate to an administrator ac...
CVE-2025-12167
CVE-2025-12167 affects the WordPress plugin “Contact Form 7 AWeber Extension” (versions through 0.1.42). The root cause is a missing capability check on the AJAX endpoint named wp_ajax_aweber_logreset, allowing authenticated users with Subscriber-level access and above to modify data by resetting...
CVE-2025-12560
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.6.0 via the getFullContent function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make we...
CVE-2025-6574
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and excluding, 6.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for...
CVE-2025-11740
The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the Subscriptions Manager in all versions up to, and including, 2.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-10706
CVE-2025-10706 pertains to the Classified Pro WordPress theme. Wordfence and CVE records confirm a missing capability check in cwp_addons_update_plugin_cb across all versions
CVE-2025-10269
The Spirit Framework plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on the server, allowing the executi...
CVE-2025-9260
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to PHP Object Injection in versions 5.1.16 to 6.1.1 via deserialization of untrusted input in the parseUserProperties function. This makes it possible for authenticated...
CVE-2025-9345
CVE-2025-9345 : Path Traversal to Arbitrary File Download in the WordPress plugin “File Manager, Code Editor, and Backup by Managefy.” Affected versions: all up to 1.4.8. Root cause per sources: authenticated users (Subscriber level and higher) can leverage ajax_downloadfile() to access files out...
CVE-2025-9048
The Wptobe-memberships plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delimgajaxcall function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-9048 Wptobe-memberships <= 3.4.2 - Authenticated (Subscriber+) Arbitrary File Deletion
The Wptobe-memberships plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delimgajaxcall function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...