357 matches found
CVE-2025-13314
The Product Filtering by Categories, Tags, Price Range for WooCommerce – Filter Plus plugin for WordPress is vulnerable to unauthorized modification of data in all versions up to, and including, 1.1.6 due to a missing capability check on the 'filtersavesettings' and 'addfilteroptions' AJAX action...
CVE-2025-13866
The Flow-Flow Social Feed Stream plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flowflowsocialauth AJAX action in versions 3.0.0 to 4.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...
PT-2025-51073
The Popup Builder Easy Notify Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the easynotify cp reset function in all versions up to, and including, 1.1.37. This makes it possible for authenticated attackers, with Subscriber-level...
WordPress plugin Popup Builder (Easy Notify Lite) 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
CVE-2025-14045
CVE-2025-14045 affects the URL Media Uploader plugin for WordPress. A missing capability check in url_media_uploader_url_upload_ajax_handler() allows authenticated users with Contributor+ access to upload safe media files across all versions up to 1.0.1. Remediation suspected: upgrade to 1.0.1 or...
PT-2025-50847
The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the url media uploader url upload ajax handler function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with...
EUVD-2025-201523
The Listar – Directory Listing & Classifieds WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/listar/v1/place/save' REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for...
CVE-2025-12091
The Search, Filters & Merchandising for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcissaveemail' endpoint in all versions up to, and including, 3.0.67. This makes it possible for authenticated attackers, with...
PT-2025-49331
The Listar – Directory Listing & Classifieds WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the '/wp-json/listar/v1/place/delete' REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for...
EUVD-2025-201359
The Live CSS Preview plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxfrontendsave' AJAX endpoint in all versions up to, and including, 2.0.0. This makes it possible for authenticated attackers, with Subscriber-level access an...
PT-2025-48791
The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the process status unlink function in all versions up to, and including, 2.3.8. This makes it possible for unauthenticate...
CVE-2025-13558
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'deleteUserCcDraftPost' function in all versions up to, and including, 8.7.0. This makes it possible for authenticated attackers, wi...
EUVD-2025-199660
The AI Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizadorgit.php' file in all versions up to, and including, 1.0.11. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite...
PT-2025-47983
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'deleteUserCcDraftPost' function in all versions up to, and including, 8.7.0. This makes it possible for authenticated attackers, wi...
PT-2025-48001
The Refund Request for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update refund status' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-10054
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ehcrmremoveagent' function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, wit...
EUVD-2025-198534
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized modification od data due to a missing capability check on the pandingbloodrequestaction function in all versions up to, and including, 2.1.15. This makes it possible for...
CVE-2025-13136
The GSheetConnector For Ninja Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'njform-google-sheet-config ' page in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-11773
The Cryptocurrency Token, Launchpad Presale, ICO & IDO, Airdrop by TokenICO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveDeployedContract' function in all versions up to, and including, 2.4.7. This makes it possible for...
PT-2025-47826
Name of the Vulnerable Software and Affected Versions IDonate – Blood Donation, Request And Donor Management System plugin for WordPress versions up to and including 2.1.15 Description The IDonate plugin for WordPress is susceptible to unauthorized data modification. A missing capability check...