PT-2025-47682

The Cryptocurrency Token, Launchpad Presale, ICO & IDO, Airdrop by TokenICO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveDeployedContract' function in all versions up to, and including, 2.4.6. This makes it possible for...

PT-2025-47689

Name of the Vulnerable Software and Affected Versions Realty Portal plugin for WordPress versions 0.1 through 0.4.1 Description The Realty Portal plugin for WordPress is susceptible to unauthorized data modification, potentially leading to privilege escalation. A missing capability check within t...

PT-2025-47728

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eh crm remove agent' function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers,...

PT-2025-47673

The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'uip save ui template' function in all versions up to, and including, 3.5.08. This makes it possible for...

PT-2025-47691

Name of the Vulnerable Software and Affected Versions WPBookit versions up to and including 1.0.6 Description The WPBookit plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to a missing capability check on the save custome code function, allowing unauthenticated...

PT-2025-47662

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh crm restore data function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, wi...

CVE-2025-12822

The WP Login and Register using JWT plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mojwtgeneratenewapikey' function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2025-12778

The CVE-2025-12778 vulnerability affects the Ultimate Member Widgets for Elementor – WordPress User Directory plugin. It arises from a missing capability check in handle_filter_users, affecting all versions up to and including 2.3, allowing unauthenticated attackers to read partial user metadata ...

PT-2025-47555

The Ultimate Member Widgets for Elementor – WordPress User Directory plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle filter users function in all versions up to, and including, 2.3. This makes it possible for unauthenticated...

CVE-2025-12392

The Cryptocurrency Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handleoptinoptout' function in all versions up to, and including, 2.0.25. This makes it possible for unauthenticated attackers to op...

CVE-2025-12391

The Restrictions for BuddyPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handleoptinoptout function in all versions up to, and including, 1.5.2. This makes it possible for unauthenticated attackers to opt in and out of tracki...

CVE-2025-11620

The Multiple Roles per User plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mrpuaddmultiplerolesui' and 'mrpusavemultipleuserroles' functions in all versions up to, and including, 1.0. This makes it possible for authenticated...

CVE-2025-12937

The ACF Flexible Layouts Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'acfflmupdatetemplatewithpastedlayout' function in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers to...

CVE-2025-12961

The Download Panel plugin for WordPress is vulnerable to unauthorized settings modification due to a missing capability check on the 'wpajaxsavesettings' AJAX action in all versions up to, and including, 1.3.3. This is due to the absence of any capability verification in the dlpnsavesettings...

EUVD-2025-198101

The WP Login and Register using JWT plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mojwtgeneratenewapikey' function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with Subscriber-level...

EUVD-2025-198108

The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to unauthorized modification of data due to n incorrect capability check on the siteseoresetsettings function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, who have been granted acce...

EUVD-2025-198114

The WSChat – WordPress Live Chat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resetsettings' AJAX endpoint in all versions up to, and including, 3.1.6. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2025-12814

The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to unauthorized modification of data due to n incorrect capability check on the siteseoresetsettings function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, who have been granted acce...

CVE-2025-12751

The WSChat – WordPress Live Chat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resetsettings' AJAX endpoint in all versions up to, and including, 3.1.6. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2025-12822 WP Login and Register using JWT <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) API Key Exposure

The WP Login and Register using JWT plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mojwtgeneratenewapikey' function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with Subscriber-level...