5230 matches found
CVE-2025-14034 ilGhera Support System for WooCommerce <= 1.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Ticket Deletion
The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'deletesingleticketcallback' and 'changeticketstatuscallback' functions in all versions up to, and including, 1.2.6. This makes it...
CVE-2025-11370
CVE-2025-11370 concerns the Depicter — Popup & Slider Builder plugin for WordPress (versions up to 4.0.7). The vulnerability arises from a missing capability check in RulesAjaxController::store, enabling unauthenticated users to modify popup display settings. Wordfence’s vulnerability entry (and ...
WordPress plugin GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin...
PT-2026-1427
Name of the Vulnerable Software and Affected Versions Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress versions through 10.3.1 Description The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is susceptible to unauthorized data loss. This...
PT-2026-1425
Name of the Vulnerable Software and Affected Versions LearnPress – WordPress LMS Plugin versions up to and including 4.3.2 Description The LearnPress – WordPress LMS Plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check within the catch l...
PT-2026-1426
Name of the Vulnerable Software and Affected Versions WP Timetics versions prior to 1.0.37 Description The Appointment Booking and Scheduling Calendar Plugin – WP Timetics for WordPress is susceptible to unauthorized access and modification of data. This is due to a missing capability check on th...
PT-2026-1397
Name of the Vulnerable Software and Affected Versions Popup and Slider Builder by Depicter versions through 4.0.7 Description The Popup and Slider Builder by Depicter plugin for WordPress is susceptible to unauthorized data modification. A missing capability check within the store function of the...
CVE-2025-14047
The Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission – WP User Frontend plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'FrontendFormAjax::submitpost' function in all versions up to,...
CVE-2025-14428
The All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs - My Sticky Elements plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'mystickyelementsbulks' function in all versions up to, and including, 2.3.3. This...
CVE-2025-14047
The Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission – WP User Frontend plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'FrontendFormAjax::submitpost' function in all versions up to,...
CVE-2025-14047 WP User Frontend <= 4.2.4 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion
The Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission – WP User Frontend plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'FrontendFormAjax::submitpost' function in all versions up to,...
CVE-2025-14428
The All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs - My Sticky Elements plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'mystickyelementsbulks' function in all versions up to, and including, 2.3.3. This...
EUVD-2026-0015
The All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs - My Sticky Elements plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'mystickyelementsbulks' function in all versions up to, and including, 2.3.3. This...
CVE-2025-14428 My Sticky Elements <= 2.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Bulk Lead Deletion
The All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs - My Sticky Elements plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'mystickyelementsbulks' function in all versions up to, and including, 2.3.3. This...
PT-2026-1009
Name of the Vulnerable Software and Affected Versions My Sticky Elements plugin for WordPress versions prior to 2.3.4 Description The My Sticky Elements plugin for WordPress is susceptible to unauthorized data loss. A missing capability check within the my sticky elements bulks function allows...
CVE-2025-14426
The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'editrating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above t...
EUVD-2025-205774
The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'editrating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above t...
CVE-2025-14426
The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'editrating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above t...
CVE-2025-14426 Strong Testimonials <= 3.2.18 - Missing Authorization to Authenticated (Contributor+) Rating Meta Update
The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'editrating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above t...
CVE-2025-14426 Strong Testimonials <= 3.2.18 - Missing Authorization to Authenticated (Contributor+) Rating Meta Update
The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'editrating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above t...