5241 matches found

RedhatCVE
added 2025/11/28 2:54 a.m., 11 views

CVE-2025-12579

The Reuters Direct plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'logoff' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to reset the plugin's settings...

CVSS 5.3 | AI score 5.3 | EPSS 0.00189
Exploits 0 | References 1

NVD
added 2025/11/27 1:15 p.m., 3 views

CVE-2025-12971

The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on the 'wcpchangepostfolder' function in all versions up to, and including, 3.1.5. This make...

CVSS 4.3 | EPSS 0.0019
Exploits 0 | References 4

Cvelist
added 2025/11/27 12:31 p.m., 8 views

CVE-2025-12971 Folders <= 3.1.5 - Incorrect Authorization to Authenticated (Contributor+) Folder Content Manipulation

The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on the 'wcpchangepostfolder' function in all versions up to, and including, 3.1.5. This make...

CVSS 4.3 | EPSS 0.0019
Exploits 0 | References 4

Vulnrichment
added 2025/11/27 12:31 p.m., 2 views

CVE-2025-12971 Folders <= 3.1.5 - Incorrect Authorization to Authenticated (Contributor+) Folder Content Manipulation

The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on the 'wcpchangepostfolder' function in all versions up to, and including, 3.1.5. This make...

CVSS 4.3 | AI score 5.2 | EPSS 0.0019
Exploits 0 | References 4

CVE
added 2025/11/27 12:31 p.m., 11 views

CVE-2025-12971

CVE-2025-12971 – The WordPress plugin Folders – Unlimited Folders to Organize Media Library (and related variants) is vulnerable to unauthorized data modification due to a misconfigured capability check in the function wcp_change_post_folder. This affects all versions up to and including 3.1.5....

CVSS 4.3 | AI score 5.2 | EPSS 0.0019
Exploits 0 | References 4

EUVD
added 2025/11/27 12:30 p.m., 5 views

EUVD-2025-199817

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfcdbfixcallback function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

CVSS 4.3 | AI score 4.6 | EPSS 0.00184
Exploits 0 | References 4

NVD
added 2025/11/27 11:15 a.m., 7 views

CVE-2025-10476

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfcdbfixcallback function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

CVSS 4.3 | EPSS 0.00184
Exploits 0 | References 3

CVE
added 2025/11/27 10:57 a.m., 19 views

CVE-2025-10476

WP Fastest Cache for WordPress

CVSS 4.3 | AI score 4.7 | EPSS 0.00184
Exploits 0 | References 3

Cvelist
added 2025/11/27 10:57 a.m., 12 views

CVE-2025-10476 WP Fastest Cache <= 1.4.0 - Missing Authorization to Authenticated (Subscriber+) DB Cleanup Actions

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfcdbfixcallback function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

CVSS 4.3 | EPSS 0.00184
Exploits 0 | References 3

NVD
added 2025/11/27 10:15 a.m., 3 views

CVE-2025-13381

The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'ayschatgptsavewpmedia' function in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to upload...

CVSS 5.3 | EPSS 0.00239
Exploits 0 | References 6

EUVD
added 2025/11/27 3:30 a.m., 5 views

EUVD-2025-199787

The Reuters Direct plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'logoff' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to reset the plugin's settings...

CVSS 5.3 | AI score 4.9 | EPSS 0.00189
Exploits 0 | References 3

NVD
added 2025/11/27 3:15 a.m., 5 views

CVE-2025-12579

The Reuters Direct plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'logoff' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to reset the plugin's settings...

CVSS 5.3 | EPSS 0.00189
Exploits 0 | References 2

CNNVD
added 2025/11/27 12:00 a.m., 3 views

WordPress plugin Folders security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 4.3 | AI score 6.4 | EPSS 0.0019
Exploits 0 | References 5

Positive Technologies
added 2025/11/27 12:00 a.m., 10 views

PT-2025-48254

The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'ays chatgpt save wp media' function in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to...

CVSS 5.3 | AI score 5.5 | EPSS 0.00239
Exploits 0 | References 7

CNNVD
added 2025/11/27 12:00 a.m., 2 views

WordPress plugin Hide Category by User Role for WooCommerce security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerability...

CVSS 5.3 | AI score 6.3 | EPSS 0.0024
Exploits 0 | References 5

Positive Technologies
added 2025/11/27 12:00 a.m., 8 views

PT-2025-48261

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfc db fix callback function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVSS 4.3 | AI score 5.1 | EPSS 0.00184
Exploits 0 | References 4

Positive Technologies
added 2025/11/27 12:00 a.m., 9 views

PT-2025-48217

The Reuters Direct plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'logoff' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to reset the plugin's settings...

CVSS 5.3 | AI score 5.3 | EPSS 0.00189
Exploits 0 | References 3

RedhatCVE
added 2025/11/26 7:58 a.m., 15 views

CVE-2025-12634

The Refund Request for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updaterefundstatus' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 4.3 | AI score 5.1 | EPSS 0.00159
Exploits 0 | References 1

RedhatCVE
added 2025/11/26 7:58 a.m., 12 views

CVE-2025-13386

The Social Images Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionsupdate' function in all versions up to, and including, 2.1. This makes it possible for unauthenticated attackers to delete the plugin's settings via a...

CVSS 5.3 | AI score 5.1 | EPSS 0.00236
Exploits 0 | References 1

RedhatCVE
added 2025/11/26 7:58 a.m., 11 views

CVE-2025-13414

The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to unauthorized data export due to a missing capability check on the cdashwatchforexport function in all versions up to, and including, 3.3.11. This makes it possible for unauthenticated attackers to export business...

CVSS 5.3 | AI score 5.3 | EPSS 0.0024
Exploits 0 | References 1