5230 matches found

Vulnrichment
added 2026/01/14 5:28 a.m. | 2 views

CVE-2026-0635 Responsive Accordion Slider <= 1.2.2 - Missing Authorization to Authenticated (Contributor+) Slider Update via 'resp_accordion_silder_save_images'

The Responsive Accordion Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resp_accordion_silder_save_images' function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with...

CVSS 4.3 | AI score 4.7 | EPSS 0.00233
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/14 12:0 a.m. | 4 views

PT-2026-2828

The Responsive Accordion Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resp_accordion_silder_save_images' function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with...

CVSS 4.3 | AI score 5.1 | EPSS 0.00233
Exploits: 0 | References: 3

Positive Technologies
added 2026/01/14 12:0 a.m. | 2 views

PT-2026-2839

The Aplazo Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the check success response function in all versions up to, and including, 1.4.2. This makes it possible for unauthenticated attackers to set any WooCommerce orde...

CVSS 5.3 | AI score 5.3 | EPSS 0.00232
Exploits: 0 | References: 3

Positive Technologies
added 2026/01/14 12:0 a.m. | 4 views

PT-2026-2819

The Netcash WooCommerce Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle return url function in all versions up to, and including, 4.1.3. This makes it possible for unauthenticated attackers to mark any...

CVSS 5.3 | AI score 5.3 | EPSS 0.00227
Exploits: 0 | References: 3

RedhatCVE
added 2026/01/13 10:53 p.m. | 4 views

CVE-2025-14948

The miniOrange OTP Verification and SMS Notification for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_wc_sms_notification AJAX action in all versions up to, and including, 4.3.8. This makes it possible for...

CVSS 5.3 | AI score 5.3 | EPSS 0.00227
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/13 10:53 p.m. | 6 views

CVE-2025-13717

The Contact Form vCard Generator plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wpgvccfcheckdownloadrequest' function in all versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to export sensitive...

CVSS 5.3 | AI score 5.3 | EPSS 0.00321
Exploits: 0 | References: 1

NVD
added 2026/01/13 6:15 a.m. | 2 views

CVE-2025-10915

The Dreamer Blog WordPress theme through 1.2 is vulnerable to arbitrary installations due to a missing capability check...

CVSS 9.8 | EPSS 0.00274
Exploits: 0 | References: 1

CVE
added 2026/01/13 6:0 a.m. | 19 views

CVE-2025-10915

The Dreamer Blog WordPress theme (≤ 1.2) is reported to be vulnerable to arbitrary plugin installations due to a missing capability check. The CVE entry CVE-2025-10915 maps to this issue. Wordfence notes indicate the Dreamer Blog vulnerability is still unpatched, highlighting a risk of unauthoriz...

CVSS 9.8 | AI score 6.4 | EPSS 0.00274
Exploits: 0 | References: 1

Cvelist
added 2026/01/13 6:0 a.m. | 23 views

CVE-2025-10915 Dreamer Blog <= 1.2 - Subscriber+ Arbitrary Plugin Installation

The Dreamer Blog WordPress theme through 1.2 is vulnerable to arbitrary installations due to a missing capability check...

EPSS 0.00274
Exploits: 0 | References: 1

NVD
added 2026/01/10 7:16 a.m. | 11 views

CVE-2025-14948

The miniOrange OTP Verification and SMS Notification for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_wc_sms_notification AJAX action in all versions up to, and including, 4.3.8. This makes it possible for...

CVSS 5.3 | EPSS 0.00227
Exploits: 0 | References: 3

Cvelist
added 2026/01/10 7:3 a.m. | 26 views

CVE-2025-14948 miniOrange OTP Verification and SMS Notification for WooCommerce <= 4.3.8 - Missing Authorization to Unauthenticated Notification Settings Modification

The miniOrange OTP Verification and SMS Notification for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_wc_sms_notification AJAX action in all versions up to, and including, 4.3.8. This makes it possible for...

CVSS 5.3 | EPSS 0.00227
Exploits: 0 | References: 3

Vulnrichment
added 2026/01/10 7:3 a.m. | 3 views

CVE-2025-14948 miniOrange OTP Verification and SMS Notification for WooCommerce <= 4.3.8 - Missing Authorization to Unauthenticated Notification Settings Modification

The miniOrange OTP Verification and SMS Notification for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_wc_sms_notification AJAX action in all versions up to, and including, 4.3.8. This makes it possible for...

CVSS 5.3 | AI score 4.9 | EPSS 0.00227
Exploits: 0 | References: 3

CVE
added 2026/01/10 7:3 a.m. | 18 views

CVE-2025-14948

The CVE CVE-2025-14948 affects the miniOrange OTP Verification and SMS Notification for WooCommerce WordPress plugin. The vulnerability is an unauthorized modification of data due to a missing capability check on the enable_wc_sms_notification AJAX action, allowing unauthenticated attackers to en...

CVSS 5.3 | AI score 5 | EPSS 0.00227
Exploits: 0 | References: 3

RedhatCVE
added 2026/01/10 5:41 a.m. | 2 views

CVE-2025-14886

The Japanized for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the order REST API endpoint in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to mark any WooCommerce order a...

CVSS 5.3 | AI score 5.3 | EPSS 0.00236
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/10 12:0 a.m. | 4 views

PT-2026-1760

Name of the Vulnerable Software and Affected Versions: miniOrange OTP Verification and SMS Notification for WooCommerce plugin for WordPress versions through 4.3.8
Description: The miniOrange OTP Verification and SMS Notification for WooCommerce plugin for WordPress is subject to unauthorized data...

CVSS 5.3 | AI score 6.2 | EPSS 0.00227
Exploits: 0 | References: 8

NVD
added 2026/01/09 12:15 p.m. | 5 views

CVE-2025-13717

The Contact Form vCard Generator plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wpgvccfcheckdownloadrequest' function in all versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to export sensitive...

CVSS 5.3 | EPSS 0.00321
Exploits: 0 | References: 5

RedhatCVE
added 2026/01/09 9:26 a.m. | 3 views

CVE-2023-4792

The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized page and post duplication due to a missing capability check on the duplicateppmcpostasdraft function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers with...

CVSS 4.3 | AI score 5 | EPSS 0.00406
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:26 a.m. | 3 views

CVE-2023-4600

The AffiliateWP for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'affwpactivateaddonspageplugin' function called via an AJAX action in versions up to, and including, 2.14.0. This makes it possible for authenticated attackers, with...

CVSS 4.3 | AI score 5.3 | EPSS 0.00321
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:26 a.m. | 4 views

CVE-2023-4374

The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refreshlogsasync' functions in versions up to, and including, 1.2.11. This makes it possible for authenticated attackers with subscriber...

CVSS 4.3 | AI score 5.1 | EPSS 0.00533
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:25 a.m. | 4 views

CVE-2023-4469

The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrfldsexportfile function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially...

CVSS 5.3 | AI score 5.3 | EPSS 0.00467
Exploits: 0 | References: 1