2 matches found
CVE-2025-13529 Unify <= 3.4.9 - Missing Authorization to Unauthenticated Option Deletion via 'unify_plugin_downgrade' Parameter
The Unify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'init' action in all versions up to, and including, 3.4.9. This makes it possible for unauthenticated attackers to delete specific plugin options via the 'unifyplugindowngrad...
WordPress Unify plugin <= 3.4.9 - Missing Authorization to Unauthenticated Option Deletion via 'unify_plugin_downgrade' Parameter vulnerability
Missing Authorization to Unauthenticated Option Deletion via 'unifyplugindowngrade' Parameter vulnerability discovered by Legion Hunter in WordPress Plugin Unify versions = 3.4.9...