5260 matches found
CVE-2025-12665
The Ninja Countdown | Fastest Countdown Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ninjacountdownadminajax' AJAX endpoint in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with...
CVE-2025-12526
The Private Google Calendars plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pgcremove' action in all versions up to, and including, 20250811. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2025-11996
The Find Unused Images plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the fuideleteimage and fuideleteallimages functiosn in all versions up to, and including, 1.0.7. This makes it possible for unauthenticated attackers to delete all of a site...
PT-2025-46569
Name of the Vulnerable Software and Affected Versions Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images plugin for WordPress versions through 1.8.3 Description The Alt Text Generator AI plugin for WordPress is susceptible to unauthorized data loss. A missing capability chec...
WordPress LC Wizard plugin elevation of privilege vulnerability
WordPress LC Wizard plugin is a plugin with security vulnerabilities. WordPress LC Wizard plugin has an elevation of privilege vulnerability that stems from a missing capability check in the ghl-wizard/inc/wpuser.php file, which can be exploited by an attacker to cause an elevation of privilege...
CVE-2025-12953
Summary (CVE-2025-12953): The WordPress plugin “Classified Listing – AI-Powered Classified ads & Business Directory Plugin” has a data-modification vulnerability due to a missing capability check in rtcl_ajax_add_listing_type, rtcl_ajax_update_listing_type, and rtcl_ajax_delete_listing_type. Affe...
EUVD-2025-60939
The Ninja Countdown | Fastest Countdown Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ninjacountdownadminajax' AJAX endpoint in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with...
EUVD-2025-60942
The Private Google Calendars plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pgcremove' action in all versions up to, and including, 20250811. This makes it possible for authenticated attackers, with Subscriber-level access and...
EUVD-2025-60967
The Find Unused Images plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the fuideleteimage and fuideleteallimages functiosn in all versions up to, and including, 1.0.7. This makes it possible for unauthenticated attackers to delete all of a site...
CVE-2025-12665
The Ninja Countdown | Fastest Countdown Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ninjacountdownadminajax' AJAX endpoint in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with...
CVE-2025-12526
The Private Google Calendars plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pgcremove' action in all versions up to, and including, 20250811. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2025-11999 Add Multiple Marker <= 1.2 - Missing Authorization to Unauthenticated Settings Update
The Add Multiple Marker plugin for WordPress is vulnerable to unauthorized modification of data to due to a missing capability check on the addmultiplemarkerresetmap and ammsavemapapi functions in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to upda...
CVE-2025-12526 Private Google Calendars <= 20250811 - Missing Authorization to Authenticated (Subscriber+) Settings Reset
The Private Google Calendars plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pgcremove' action in all versions up to, and including, 20250811. This makes it possible for authenticated attackers, with Subscriber-level access and...
PT-2025-46268
Name of the Vulnerable Software and Affected Versions Find Unused Images plugin for WordPress versions through 1.0.7 Description The Find Unused Images plugin for WordPress is susceptible to unauthorized data loss. This is due to a missing capability check within the fui delete image and fui dele...
PT-2025-46275
Name of the Vulnerable Software and Affected Versions Private Google Calendars plugin for WordPress versions prior to 20250811 Description The Private Google Calendars plugin for WordPress is susceptible to unauthorized data modification. This is caused by a missing capability check on the pgc...
CVE-2025-11448
The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/envira-convert/v1/bulk-convert' REST API endpoint in all versions up to, and including, 1.11.0. This makes it possible for...
CVE-2025-12621
The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on the 'createrefund' function in all versions up to, and including, 1.0.42. This makes it possible for authenticated attackers, wit...
CVE-2025-12498
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized booking note creation due to a missing capability check on the 'bookingaddnotes' function in all versions up to, and including, 4.2.0.0. This makes it possible for authenticated attackers, wi...
CVE-2025-12167
The Contact Form 7 AWeber Extension plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxaweberlogreset' AJAX endpoint in all versions up to, and including, 0.1.42. This makes it possible for authenticated attackers, with...
CVE-2025-12042
The Course Booking System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in the csv-export.php file in all versions up to, and including, 6.1.5. This makes it possible for unauthenticated attackers to directly access the file and obtain an expo...