5256 matches found
CVE-2025-10008
The Translate WordPress and go Multilingual – Weglot plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cleanoptions' function in all versions up to, and including, 5.1. This makes it possible for unauthenticated attackers to delete limited...
CVE-2025-11975
The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savechanges function in all versions up to, and including,...
CVE-2025-11975
CVE-2025-11975 affects the FuseWP WordPress plugin (WordPress User Sync to Email List & Marketing Automation). The root cause is a missing capability check in the save_changes() function, impacting all versions up to and including 1.1.23.0. This enables unauthorized modification of data, allowing...
PT-2025-44597
Name of the Vulnerable Software and Affected Versions ERI File Library plugin for WordPress versions up to and including 1.1.0 Description The ERI File Library plugin for WordPress has a flaw that allows unauthorized access to data. This is due to a missing capability check on the erifl file AJAX...
PT-2025-44592
Name of the Vulnerable Software and Affected Versions The Events Calendar plugin for WordPress versions through 6.15.9 Description The The Events Calendar plugin for WordPress is susceptible to unauthorized access. A missing capability check on the tec qr code modal API endpoint allows...
WordPress plugin FuseWP 安全漏洞
WordPress FuseWP plugin is a WordPress plugin for creating and managing multilingual websites. WordPress FuseWP plugin suffers from an unauthorized modification of data vulnerability that stems from a lack of capability check in the savechanges function, which can be exploited by an attacker to a...
PT-2025-44578
Name of the Vulnerable Software and Affected Versions FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin versions through 1.1.23.0 Description The FuseWP plugin for WordPress has a flaw that allows unauthorized modification of...
CVE-2025-11587
The Call Now Button – The 1 Click to Call Button for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate function in all versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with...
CVE-2025-11881
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'myapppverify' function in all versions up to, and including, 4.5.0. This makes it possible for unauthenticated attackers to extract sensitive data...
EUVD-2025-36971
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'myapppverify' function in all versions up to, and including, 4.5.0. This makes it possible for unauthenticated attackers to extract sensitive data...
EUVD-2025-36900
The Translate WordPress and go Multilingual – Weglot plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cleanoptions' function in all versions up to, and including, 5.1. This makes it possible for unauthenticated attackers to delete limited...
CVE-2025-11705
The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.23.81 due to a missing capability check combined with an information exposure in several GOTMLS AJAX actions. This makes it possible for authenticat...
PT-2025-44374
Name of the Vulnerable Software and Affected Versions AppPresser – Mobile App Framework plugin for WordPress versions through 4.5.0 Description The AppPresser – Mobile App Framework plugin for WordPress is susceptible to unauthorized data access. A missing capability check within the myappp verif...
EUVD-2025-36639
The Call Now Button – The 1 Click to Call Button for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate function in all versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with...
CVE-2025-11587
CVE-2025-11587 refers to the WordPress plugin “Call Now Button – The #1 Click to Call Button for WordPress.” The advisory states a missing capability check in the activate function across all versions up to 1.5.3, allowing authenticated users with Subscriber-level access or higher to modify data ...
EUVD-2025-36602
The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action installextension without verifying user capabilities or using a nonce. As a result, any authenticated user — including those with the Subscriber role — can install and activate additional Doppler Forms WordPress plugin...
CVE-2025-11705
The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.23.81 due to a missing capability check combined with an information exposure in several GOTMLS AJAX actions. This makes it possible for authenticat...
CVE-2025-11705 Anti-Malware Security and Brute-Force Firewall <= 4.23.81 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read
The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.23.81 due to a missing capability check combined with an information exposure in several GOTMLS AJAX actions. This makes it possible for authenticat...
PT-2025-44700
Name of the Vulnerable Software and Affected Versions Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App versions prior to 3.6.1 Description The Post SMTP plugin for WordPress has a flaw due to a missing capability check within the construct function. This allows...
Siemens SIMATIC Devices Improper Check for Unusual or Exceptional Conditions (CVE-2024-44948)
In the Linux kernel, the following vulnerability has been resolved: x86/mtrr: Check if fixed MTRRs exist before saving them MTRRs have an obsolete fixed variant for fine grained caching control of the 640K-1MB region that uses separate MSRs. This fixed variant has a separate capability bit in the...