5230 matches found
CVE-2026-3072
CVE-2026-3072 affects the WordPress plugin Media Library Assistant (MLA) up to and including version 3.33. The vulnerability arises from a missing capability check in mla_update_compat_fields_action(), allowing authenticated attackers with Subscriber-level access or higher to modify taxonomy term...
PT-2026-23135
Name of the Vulnerable Software and Affected Versions Media Library Assistant plugin for WordPress versions prior to 3.34 Description The software is susceptible to unauthorized data modification because of a missing capability check within the mla update compat fields action function...
PT-2026-23448
The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the 'install and active plugin' function in all versions up to, and including, 1.4.24...
CVE-2026-3056
The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seraphaccelapi AJAX action with fn=LogClear in all versions up to, and including, 2.28.14. This makes it possible for authenticated attackers, with...
CVE-2026-3056
CVE-2026-3056 affects the Seraphinite Accelerator WordPress plugin (all versions up to 2.28.14). Root cause: missing capability check on the seraph_accel_api AJAX action with fn=LogClear, allowing authenticated users with Subscriber-level access or higher to clear the plugin’s debug/operational l...
CVE-2026-2732
The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'RemoveBackGroundViewController::load' function in all versions up to, and including, 4.1.7. This makes it possible for authenticated attackers, with...
CVE-2026-2732
The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'RemoveBackGroundViewController::load' function in all versions up to, and including, 4.1.7. This makes it possible for authenticated attackers, with...
PT-2026-22901
The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seraph accel api AJAX action with fn=LogClear in all versions up to, and including, 2.28.14. This makes it possible for authenticated attackers, with...
CVE-2026-3132
The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.3 via the 'JLTMAWidgetAdmin::renderpreview'. This is due to missing capability check. This makes it possible for authenticated attackers, with...
EUVD-2026-9222
The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.3 via the 'JLTMAWidgetAdmin::renderpreview'. This is due to missing capability check. This makes it possible for authenticated attackers, with...
CVE-2026-3132
The CVE concerns the Master Addons for Elementor Premium plugin for WordPress. All versions up to 2.1.3 are affected by a Remote Code Execution flaw via JLTMA_Widget_Admin::render_preview, caused by a missing capability check. This allows authenticated attackers with Subscriber-level access and a...
CVE-2026-28557
wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated users to trigger bulk wpForo usergroup reassignment via the wpforosynchroles AJAX handler. Attackers access the usergroups admin page, accessible to any authenticated user, to obtain a nonce, then rema...
EUVD-2026-9106
wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated users to trigger bulk wpForo usergroup reassignment via the wpforosynchroles AJAX handler. Attackers access the usergroups admin page, accessible to any authenticated user, to obtain a nonce, then rema...
CVE-2026-28557
wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated users to trigger bulk wpForo usergroup reassignment via the wpforosynchroles AJAX handler. Attackers access the usergroups admin page, accessible to any authenticated user, to obtain a nonce, then rema...
CVE-2026-28557
wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated users to trigger bulk wpForo usergroup reassignment via the wpforosynchroles AJAX handler. Attackers access the usergroups admin page, accessible to any authenticated user, to obtain a nonce, then rema...
CVE-2026-28557 wpForo Forum < 2.4.16 Privilege Escalation via Role Synchronization Handler
wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated users to trigger bulk wpForo usergroup reassignment via the wpforosynchroles AJAX handler. Attackers access the usergroups admin page, accessible to any authenticated user, to obtain a nonce, then rema...
CVE-2026-28557
wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated users to trigger bulk wpForo usergroup reassignment via the wpforosynchroles AJAX handler. Attackers access the usergroups admin page, accessible to any authenticated user, to obtain a nonce, then rema...
CVE-2025-14742
The WP Recipe Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajaxsearchrecipes' and 'ajaxgetrecipe' functions in all versions up to, and including, 10.2.3. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2026-2694 The Events Calendar <= 6.15.16 - Improper Authorization to Authenticated (Contributor+) Event/Organizer/Venue Update/Trash via REST API
The The Events Calendar plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to an improper capability check on the 'canedit' and 'candelete' function in all versions up to, and including, 6.15.16. This makes it possible for authenticated attackers, with...
CVE-2025-14742
The WP Recipe Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajaxsearchrecipes' and 'ajaxgetrecipe' functions in all versions up to, and including, 10.2.3. This makes it possible for authenticated attackers, with Subscriber-level...