5230 matches found
PT-2026-22024
Name of the Vulnerable Software and Affected Versions The Events Calendar plugin for WordPress versions prior to 6.15.16 Description The Events Calendar plugin for WordPress is susceptible to unauthorized modification and potential loss of data. This is due to an insufficient capability check...
VulnCheck KEV: CVE-2025-14155
The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gettemplatecontent' function in all versions up to, and including, 4.11.53. This makes it possible for...
CVE-2026-1787
The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deletemigrateddata' function in all versions up to, and including, 4.1.0. This makes it possible for unauthenticated attacker...
CVE-2026-1787 LearnPress Export Import <= 4.1.0 - Missing Authentication to Unauthenticated Migrated Course Deletion
The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deletemigrateddata' function in all versions up to, and including, 4.1.0. This makes it possible for unauthenticated attacker...
CVE-2026-1787
The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deletemigrateddata' function in all versions up to, and including, 4.1.0. This makes it possible for unauthenticated attacker...
CVE-2026-1787 LearnPress Export Import <= 4.1.0 - Missing Authentication to Unauthenticated Migrated Course Deletion
The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deletemigrateddata' function in all versions up to, and including, 4.1.0. This makes it possible for unauthenticated attacker...
CVE-2025-14342
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sqajaxuninstall function in all versions up to, and including, 12.4.14. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2025-14427
The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MfaEmailDisable action in all versions up to, and including, 21.0.9. This makes it possible for...
CVE-2025-14357
The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setupwidgets function in core/includes/importer/whizzie.php in all versions up to, and including, 5.9. This makes it possible for authenticated attackers, wit...
CVE-2025-13091
The Shopire theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the shopireadmininstallplugin function in all versions up to, and including, 1.0.57. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...
CVE-2025-12975
The CTX Feed – WooCommerce Product Feed Manager plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the woofeedplugininstalling function in all versions up to, and including, 6.6.11. This makes it possible for authenticated...
CVE-2025-12845
The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to unauthorized access of data that leads to privilege escalation due to a missing capability check on the gettabledata function in versions 0.5.4 to 1.2.1. This makes it possible...
CVE-2026-0974
The Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the 'installplugin' function in all versions up to, and including, 1.20.0. This makes it possible for...
CVE-2026-1942
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the b2scurationdraft AJAX action in all versions up to, and including, 8.7.4. The curationDraft function only verifies...
CVE-2025-12356
The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxchangeticketstatus' AJAX endpoint in all versions up to, and including, 3.5.6.4. This makes it possible for authenticated attackers,...
CVE-2025-15041
The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the savesiteoption function in all versions up to, and including, 5.6.2. This makes it possible for...
CVE-2025-14357
The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setupwidgets function in core/includes/importer/whizzie.php in all versions up to, and including, 5.9. This makes it possible for authenticated attackers, wit...
CVE-2025-14342
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sqajaxuninstall function in all versions up to, and including, 12.4.14. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2025-13091
The Shopire theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the shopireadmininstallplugin function in all versions up to, and including, 1.0.57. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...
CVE-2025-12975
The CTX Feed – WooCommerce Product Feed Manager plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the woofeedplugininstalling function in all versions up to, and including, 6.6.11. This makes it possible for authenticated...