4 matches found
CVE-2025-13794
The Auto Featured Image Auto Post Thumbnail plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulkactiongeneratehandler function in all versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with...
CVE-2025-13794 Auto Featured Image <= 4.2.1 - Missing Authorization to Authenticated (Contributor+) Post Thumbnail Modification
The Auto Featured Image Auto Post Thumbnail plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulkactiongeneratehandler function in all versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with...
EUVD-2025-27640
Malicious code in bioql PyPI...
CVE-2025-9632 PhpList Subber <= 1.1 - Cross-Site Request Forgery
The PhpList Subber plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the bulkactionhandler function. This makes it possible for unauthenticated attackers to trigger bulk synchronizati...