PT-2026-25503

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate license function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with...

EUVD-2026-11760

The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lknpixforwoocommercec6savesettings' function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated...

EUVD-2026-11786

The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the addmenuitem method hooked to adminmenu in all versions up to, and including, 4.5.8. This is due to the method performing wpinsertpost and...

CVE-2026-4063

The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the addmenuitem method hooked to adminmenu in all versions up to, and including, 4.5.8. This is due to the method performing wpinsertpost and...

CVE-2026-3891

The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lknpixforwoocommercec6savesettings' function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated...

CVE-2026-4063

CVE-2026-4063 affects the WordPress plugin Social Icons Widget & Block by WPZOOM. The Red Hat and CVE records, corroborated by the Wordfence vulnerability report, describe a missing capability check in the add_menu_item() function hooked to admin_menu in all versions up to 4.5.8. This allows auth...

CVE-2026-4063

The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the addmenuitem method hooked to adminmenu in all versions up to, and including, 4.5.8. This is due to the method performing wpinsertpost and...

CVE-2026-4063 Social Icons Widget & Block <= 4.5.8 - Missing Authorization to Authenticated (Subscriber+) Sharing Configuration Creation

The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the addmenuitem method hooked to adminmenu in all versions up to, and including, 4.5.8. This is due to the method performing wpinsertpost and...

CVE-2026-3891 Pix for WooCommerce <= 1.5.0 - Unauthenticated Arbitrary File Upload

The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lknpixforwoocommercec6savesettings' function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated...

CVE-2026-3891

CVE-2026-3891 affects the Pix for WooCommerce WordPress plugin. The issue is an unauthenticated arbitrary file upload in the lkn_pix_for_woocommerce_c6_save_settings endpoint (and related nonce generation flow), caused by missing capability checks and file-type validation in all versions up to 1....

CVE-2026-3891

The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lknpixforwoocommercec6savesettings' function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated...

PT-2026-25155

Name of the Vulnerable Software and Affected Versions Pix for WooCommerce versions up to and including 1.5.0 Description The Pix for WooCommerce plugin for WordPress is susceptible to arbitrary file uploads. This is due to a missing capability check and a lack of file type validation within the l...

PT-2026-25166

The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the add menu item method hooked to admin menu in all versions up to, and including, 4.5.8. This is due to the method performing wp insert post and...

SUSE CVE-2025-3063

The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajaxcallbackupdatesaoption function in versions 2.0 to 2.1. This makes it possible for authenticated attackers, with...

CVE-2026-1920

The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ExtensionController::updateitempermissionscheck' function in all versions up to, and including, 1.0.16. This...

CVE-2026-1981

The HUMN-1 AI Website Scanner & Human Certification by Winston AI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the winstondisconnect function in all versions up to, and including, 0.0.3. This makes it possible for authenticated...

CVE-2026-1650

The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'customfieldscontroller' function in all versions up to, and including, 1.7.8.1. This makes it possible for unauthenticated attackers to delete arbitrary custom...

EUVD-2026-10096

The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'customfieldscontroller' function in all versions up to, and including, 1.7.8.1. This makes it possible for unauthenticated attackers to delete arbitrary custom...

EUVD-2026-10101

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized message deletion due to a missing capability check on the pgdeletemsg function in all versions up to, and including, 5.9.8.1. This is due to the function not verifying that the requesting us...

CVE-2026-2488

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized message deletion due to a missing capability check on the pgdeletemsg function in all versions up to, and including, 5.9.8.1. This is due to the function not verifying that the requesting us...