5243 matches found

CVE
added 2025/11/19 5:45 a.m., 12 views

CVE-2025-12822

CVE-2025-12822 concerns the WordPress plugin WP Login and Register using JWT. The vulnerability is caused by a missing capability check in the function mo_jwt_generate_new_api_key, present in all versions up to and including 3.0.0. This allows an attacker with at least Subscriber-level access ...

CVSS 4.3, AI score 4.8, EPSS 0.00175
Exploits: 0, References: 2

CVE
added 2025/11/19 5:45 a.m., 16 views

CVE-2025-12814

CVE-2025-12814 concerns the WordPress plugin SiteSEO – SEO Simplified (versions ≤ 1.3.2). The issue is an improper authorization check in siteseo_reset_settings, allowing an authenticated attacker who has at least one SiteSEO setting capability to modify data by resetting the plugin’s settings. Th...

CVSS 5.3, AI score 5.2, EPSS 0.00229
Exploits: 0, References: 3

Cvelist
added 2025/11/19 5:45 a.m., 11 views

CVE-2025-12174 Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.5.2 - Missing Authorization to Authenticated (Subscriber+) Data Export and Slug Update

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'directoristpreparelistingsexportfile' and 'directoristtypeslugchange' AJAX actions in all versions up to, and...

CVSS 6.5, EPSS 0.00172
Exploits: 0, References: 2

Cvelist
added 2025/11/19 5:45 a.m., 5 views

CVE-2025-12751 WSChat – WordPress Live Chat <= 3.1.6 - Missing Authorization to Authenticated (Subscriber+) Settings Reset

The WSChat – WordPress Live Chat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resetsettings' AJAX endpoint in all versions up to, and including, 3.1.6. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 4.3, EPSS 0.00164
Exploits: 0, References: 2

CNNVD
added 2025/11/19 12:0 a.m., 3 views

WordPress plugin SiteSEO authorization issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. An authorizati...

CVSS 5.3, AI score 6.5, EPSS 0.00229
Exploits: 0, References: 4

Positive Technologies
added 2025/11/19 12:0 a.m., 6 views

PT-2025-47432

The WSChat – WordPress Live Chat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'reset settings' AJAX endpoint in all versions up to, and including, 3.1.6. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 4.3, AI score 5.1, EPSS 0.00164
Exploits: 0, References: 3

Positive Technologies
added 2025/11/19 12:0 a.m., 6 views

PT-2025-47434

The WP Login and Register using JWT plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mo jwt generate new api key' function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with...

CVSS 4.3, AI score 5.1, EPSS 0.00175
Exploits: 0, References: 3

Positive Technologies
added 2025/11/19 12:0 a.m., 6 views

PT-2025-47433

The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect capability check on the siteseo reset settings function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, who have been granted...

CVSS 5.3, AI score 5.6, EPSS 0.00229
Exploits: 0, References: 4

EUVD
added 2025/11/18 12:30 p.m., 3 views

EUVD-2025-197962

The Cryptocurrency Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handleoptinoptout' function in all versions up to, and including, 2.0.22. This makes it possible for unauthenticated attackers to op...

CVSS 5.3, AI score 4.9, EPSS 0.00236
Exploits: 0, References: 3

EUVD
added 2025/11/18 12:30 p.m., 4 views

EUVD-2025-197958

The Restrictions for BuddyPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handleoptinoptout function in all versions up to, and including, 1.5.2. This makes it possible for unauthenticated attackers to opt in and out of tracki...

CVSS 5.3, AI score 4.9, EPSS 0.00236
Exploits: 0, References: 3

NVD
added 2025/11/18 10:15 a.m., 4 views

CVE-2025-12391

The Restrictions for BuddyPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handleoptinoptout function in all versions up to, and including, 1.5.2. This makes it possible for unauthenticated attackers to opt in and out of tracki...

CVSS 5.3, EPSS 0.00236
Exploits: 0, References: 3

EUVD
added 2025/11/18 9:30 a.m., 4 views

EUVD-2025-197935

The Download Panel plugin for WordPress is vulnerable to unauthorized settings modification due to a missing capability check on the 'wpajaxsavesettings' AJAX action in all versions up to, and including, 1.3.3. This is due to the absence of any capability verification in the dlpnsavesettings...

CVSS 4.3, AI score 4.7, EPSS 0.00197
Exploits: 0, References: 4

NVD
added 2025/11/18 9:15 a.m., 21 views

CVE-2025-12937

The ACF Flexible Layouts Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'acfflmupdatetemplatewithpastedlayout' function in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers to...

CVSS 6.5, EPSS 0.00178
Exploits: 0, References: 2

NVD
added 2025/11/18 9:15 a.m., 9 views

CVE-2025-12961

The Download Panel plugin for WordPress is vulnerable to unauthorized settings modification due to a missing capability check on the 'wpajaxsavesettings' AJAX action in all versions up to, and including, 1.3.3. This is due to the absence of any capability verification in the dlpnsavesettings...

CVSS 4.3, EPSS 0.00197
Exploits: 0, References: 3

Positive Technologies
added 2025/11/18 12:0 a.m., 4 views

PT-2025-47264

Name of the Vulnerable Software and Affected Versions: Download Panel plugin for WordPress versions up to and including 1.3.3. Description: The Download Panel plugin for WordPress is susceptible to unauthorized settings modification. This is caused by a missing capability check on the 'wp ajax save...

CVSS 4.3, AI score 5.7, EPSS 0.00197
Exploits: 0, References: 6

CNVD
added 2025/11/18 12:0 a.m., 6 views

WordPress Survey Maker plugin unauthorized access vulnerability

WordPress Survey Maker plugin is a tool for creating questionnaires with support for multiple question types and data analysis features for businesses or individuals to collect user feedback. An unauthorized access vulnerability exists in the WordPress Survey Maker plugin, which stems from a lack...

CVSS 5.3, AI score 6.5, EPSS 0.00208
Exploits: 0, References: 1

CNVD
added 2025/11/18 12:0 a.m., 9 views

WordPress quicq plugin missing capability check vulnerability

WordPress quicq plugin is an image optimization tool designed for WordPress that automatically compresses and resizes images to improve website performance. A missing capability check vulnerability exists in WordPress quicq plugin, which can be exploited by attackers to cause unauthorized data...

CVSS 4.3, AI score 6.4, EPSS 0.00173
Exploits: 0, References: 1

CNVD
added 2025/11/18 12:0 a.m., 4 views

WordPress Survey Maker plugin missing capability check vulnerability

WordPress Survey Maker plugin is a tool for creating questionnaires with support for multiple question types and data analysis features for businesses or individuals to collect user feedback. WordPress Survey Maker plugin suffers from a missing capability check vulnerability, which stems from a...

CVSS 5.3, AI score 6.5, EPSS 0.00196
Exploits: 0, References: 1

Positive Technologies
added 2025/11/18 12:0 a.m., 4 views

PT-2025-47279

Name of the Vulnerable Software and Affected Versions: Cryptocurrency Payment Gateway for WooCommerce plugin for WordPress versions through 2.0.22. Description: The Cryptocurrency Payment Gateway for WooCommerce plugin for WordPress is susceptible to unauthorized data modification. This is due to a...

CVSS 5.3, AI score 6.2, EPSS 0.00236
Exploits: 0, References: 5

Positive Technologies
added 2025/11/18 12:0 a.m., 5 views

PT-2025-47251

Name of the Vulnerable Software and Affected Versions: Multiple Roles per User plugin for WordPress versions up to and including 1.0. Description: The Multiple Roles per User plugin for WordPress has a flaw that allows unauthorized data modification. This is due to a missing capability check within...

CVSS 7.2, AI score 6.1, EPSS 0.00315
Exploits: 0, References: 7