2 matches found
WordPress FindAll Listing plugin <= 1.0.5 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by シルAsuna in WordPress Plugin FindAll Listing versions = 1.0.5...
CVE-2025-13538
The FindAll Listing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.5. This is due to the 'findalllistinguserregistrationadditionalparams' function not restricting what user roles a user can register with. This makes it possible for...