
5230 matches found

Cvelist
added 2026/01/07 8:21 a.m., 24 views

CVE-2025-12958 Rankology SEO and Analytics Tool <= 2.0 - Incorrect Authorization to Authenticated (Editor+) Header & Footer Code Creation

The Rankology SEO and Analytics Tool plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect capability check on the 'rankology_code_block' page in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Editor-level acces...

2.7 CVSS, 0.0021 EPSS
Exploits 0, References 3

Vulnrichment
added 2026/01/07 8:21 a.m., 0 views

CVE-2025-12958 Rankology SEO and Analytics Tool <= 2.0 - Incorrect Authorization to Authenticated (Editor+) Header & Footer Code Creation

The Rankology SEO and Analytics Tool plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect capability check on the 'rankology_code_block' page in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Editor-level acces...

2.7 CVSS, 5.4 AI score, 0.0021 EPSS
Exploits 0, References 2

CVE
added 2026/01/07 8:21 a.m., 9 views

CVE-2025-12958

CVE-2025-12958 affects Rankology SEO and Analytics Tool for WordPress. Wordfence reports an insecure capability check on the rankology_code_block page that allows authenticated attackers with Editor-level access and above to modify data by adding header/footer code blocks. The issue is tied to Ra...

2.7 CVSS, 5.4 AI score, 0.0021 EPSS
Exploits 0, References 3

Vulnrichment
added 2026/01/07 8:21 a.m., 2 views

CVE-2025-13529 Unify <= 3.4.9 - Missing Authorization to Unauthenticated Option Deletion via 'unify_plugin_downgrade' Parameter

The Unify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'init' action in all versions up to, and including, 3.4.9. This makes it possible for unauthenticated attackers to delete specific plugin options via the 'unifyplugindowngrad...

5.3 CVSS, 5 AI score, 0.00227 EPSS
Exploits 0, References 3

CVE
added 2026/01/07 8:21 a.m., 16 views

CVE-2025-13529

CVE-2025-13529 affects the Unify WordPress plugin (up to version 3.4.9), with an unauthorized data modification vulnerability caused by a missing capability check on the init action. Wordfence’s vulnerability report confirms the issue as Missing Authorization to Unauthenticated Option Deletion vi...

5.3 CVSS, 5 AI score, 0.00227 EPSS
Exploits 0, References 3

Positive Technologies
added 2026/01/07 12:0 a.m., 8 views

PT-2026-1584

Name of the Vulnerable Software and Affected Versions: User Activity Log plugin versions prior to and including 2.2. Description: The User Activity Log plugin has an issue where the failed-login handler ual shook wp login failed does not perform a capability check. This allows unauthenticated...

7.5 CVSS, 6.5 AI score, 0.00335 EPSS
Exploits 1, References 7

Positive Technologies
added 2026/01/07 12:0 a.m., 3 views

PT-2026-1595

Name of the Vulnerable Software and Affected Versions: Unify plugin for WordPress versions up to and including 3.4.9. Description: The Unify plugin for WordPress is susceptible to unauthorized data modification because of a missing capability check on the 'init' action. This allows unauthenticated...

5.3 CVSS, 5.9 AI score, 0.00227 EPSS
Exploits 0, References 5

Positive Technologies
added 2026/01/07 12:0 a.m., 7 views

PT-2026-1589

Name of the Vulnerable Software and Affected Versions: Moosend Landing Pages plugin for WordPress versions through 1.1.6. Description: The Moosend Landing Pages plugin for WordPress has a flaw that allows unauthorized modification of data. This is due to a missing capability check within the moosend...

5.3 CVSS, 6.4 AI score, 0.00277 EPSS
Exploits 0, References 5

Tenable Nessus
added 2026/01/07 12:0 a.m., 7 views

AlmaLinux 9 : kernel (ALSA-2025:23241)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:23241 advisory. kernel: clone_private_mnt: make sure that caller has CAP_SYS_ADMIN in the right userns CVE-2025-38499 kernel: iommufd: Fix race during abort for file...

7 CVSS, 7 AI score, 0.00162 EPSS
Exploits 0, References 5

OSV
added 2026/01/06 9:15 a.m., 3 views

CVE-2025-9294

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the qsmdashboarddeleteresult function in all versions up to, and including, 10.3.1. This makes it possible for authenticated attackers,...

4.3 CVSS, 5.8 AI score
Exploits 0, References 2

NVD
added 2026/01/06 9:15 a.m., 4 views

CVE-2025-5919

The Appointment Booking and Scheduling Calendar Plugin – WP Timetics plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the update and registerroutes functions in all versions up to, and including, 1.0.36. This makes it possible...

6.5 CVSS, 0.0021 EPSS
Exploits 0, References 3

NVD
added 2026/01/06 9:15 a.m., 2 views

CVE-2025-13964

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the catch_lp_ajax function in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to modify course contents b...

5.3 CVSS, 0.00232 EPSS
Exploits 0, References 3

Cvelist
added 2026/01/06 8:21 a.m., 25 views

CVE-2025-13964 LearnPress – WordPress LMS Plugin <= 4.3.2 - Missing Authentication to Unauthenticated Course Modification

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the catch_lp_ajax function in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to modify course contents b...

5.3 CVSS, 0.00232 EPSS
Exploits 0, References 3

CVE
added 2026/01/06 8:21 a.m., 12 views

CVE-2025-13964

CVE-2025-13964: LearnPress – WordPress LMS Plugin (LearnPress) is vulnerable to unauthorized modification of course data due to a missing capability check in catch_lp_ajax, affecting all versions up to 4.3.2. This allows unauthenticated attackers to add/remove/update/reorder sections and section...

5.3 CVSS, 5 AI score, 0.00232 EPSS
Exploits 0, References 3

NVD
added 2026/01/06 8:15 a.m., 6 views

CVE-2025-13812

The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the gamipressajaxgetposts and gamipressajaxgetusers functions in all versions up to, and including...

4.3 CVSS, 0.00172 EPSS
Exploits 0, References 2

NVD
added 2026/01/06 8:15 a.m., 2 views

CVE-2025-14371

The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the taxopress_ai_add_post_term function in all versions up to, and including, 3.41.0. This makes it possible for authenticat...

4.3 CVSS, 0.00193 EPSS
Exploits 0, References 3

Cvelist
added 2026/01/06 7:22 a.m., 23 views

CVE-2025-13812 GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress <= 7.6.1 - Missing Authorization to Authenticated (Subscriber+) Information Exposure

The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the gamipressajaxgetposts and gamipressajaxgetusers functions in all versions up to, and including...

4.3 CVSS, 0.00172 EPSS
Exploits 0, References 2

Cvelist
added 2026/01/06 7:22 a.m., 30 views

CVE-2025-14371 TaxoPress <= 3.41.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Tag Modification

The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the taxopress_ai_add_post_term function in all versions up to, and including, 3.41.0. This makes it possible for authenticat...

4.3 CVSS, 0.00193 EPSS
Exploits 0, References 3

CVE
added 2026/01/06 7:22 a.m., 7 views

CVE-2025-14371

CVE-2025-14371: TaxoPress’s Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI (WordPress) is vulnerable due to a missing authorization check in the taxopress_ai_add_post_term function. This allows authenticated users with Contributor-level access and above to add or remove taxonomy...

4.3 CVSS, 4.7 AI score, 0.00193 EPSS
Exploits 0, References 3

NVD
added 2026/01/06 4:15 a.m., 8 views

CVE-2025-11370

The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'store' function of the...

5.3 CVSS, 0.00235 EPSS
Exploits 0, References 4