5256 matches found
CVE-2025-12360 Better Find and Replace <= 1.7.7 - Missing Authorization
The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to unauthorized API usage due to a missing capability check on the rtafarajax function in all versions up to, and including, 1.7.7. This makes it possible for authenticated attackers, with Subscriber-level...
EUVD-2025-37979
The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to unauthorized API usage due to a missing capability check on the rtafarajax function in all versions up to, and including, 1.7.7. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-12360 Better Find and Replace <= 1.7.7 - Missing Authorization
The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to unauthorized API usage due to a missing capability check on the rtafarajax function in all versions up to, and including, 1.7.7. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-12563
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to limited file upload due to an incorrect capability check on theuploadVideo function in all versions up to, and including, 8.6.0. This makes it possible for authenticated attackers, with Subscriber-level acce...
EUVD-2025-37974
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to limited file upload due to an incorrect capability check on theuploadVideo function in all versions up to, and including, 8.6.0. This makes it possible for authenticated attackers, with Subscriber-level acce...
CVE-2025-12582
The Features plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'featuresrevertoption AJAX endpoint in all versions up to, and including, 0.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above...
PT-2025-45180
Name of the Vulnerable Software and Affected Versions Better Find and Replace – AI-Powered Suggestions plugin for WordPress versions through 1.7.7 Description The software is susceptible to unauthorized API usage because of a missing capability check within the rtafar ajax function. This allows...
CVE-2025-12156
The Ai Auto Tool Content Writing Assistant Gemini Writer, ChatGPT All in One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savepostdata function in versions 2.0.7 to 2.2.6. This makes it possible for authenticated attackers, with...
CVE-2025-12158
The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the sucsubmitcapabilities function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to elevate the role of any user account t...
CVE-2025-11007
The CE21 Suite plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the wpajaxnoprivce21singlesignonsaveapisettings AJAX action in versions 2.2.1 to 2.3.1. This makes it possible for unauthenticated attackers to update the plugin's API...
CVE-2025-12582 Features <= 0.0.2 - Missing Authorization to Authenticated (Subscriber+) Option Reset
The Features plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'featuresrevertoption AJAX endpoint in all versions up to, and including, 0.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above...
CVE-2025-12582
The CVE-2025-12582 vulnerability affects the WordPress Features plugin up to version 0.0.2, caused by a missing capability check on the features_revert_option AJAX endpoint. This allows authenticated users with Subscriber-level access (and above) to modify data by reverting options, exposing unau...
PT-2025-45093
Name of the Vulnerable Software and Affected Versions KiotViet Sync plugin for WordPress versions up to and including 1.8.5 Description The KiotViet Sync plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check within the saveConfig function...
PT-2025-45065
Name of the Vulnerable Software and Affected Versions Features plugin for WordPress versions up to and including 0.0.2 Description The Features plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check on the features revert option API...
CVE-2025-12350
The DominoKit plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpajaxnoprivdominokitoptionadminaction AJAX endpoint in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to update plugin settings...
CVE-2025-12158
The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the sucsubmitcapabilities function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to elevate the role of any user account t...
CVE-2025-12156
The Ai Auto Tool Content Writing Assistant Gemini Writer, ChatGPT All in One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savepostdata function in versions 2.0.7 to 2.2.6. This makes it possible for authenticated attackers, with...
CVE-2025-12158
CVE-2025-12158 affects WordPress plugin Simple User Capabilities. Wordfence reports a missing authorization check in suc_submit_capabilities() across versions up to 1.0, enabling unauthenticated attackers to elevate any user to administrator. CVSSv3.1 is rated 9.8 (Critical); exploitation is list...
CVE-2025-12389
CVE-2025-12389 affects the WordPress plugin Import Export For WooCommerce. The vulnerability is an unauthorized data modification flaw caused by a missing capability check in update_setting(), present in all versions up to and including 1.6.2. Exploitation requires authenticated access at Subscri...
CVE-2025-12389 Import Export For WooCommerce <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update
The Import Export For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatesetting function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access a...