CVE-2025-11986
The Crypto plugin for WordPress is vulnerable to Information exposure in all versions up to, and including, 2.22. This is due to the plugin registering an unauthenticated AJAX action wpajaxnoprivcryptoconnectajaxprocess that allows calling the register and savenft methods with only a...
CVE-2025-11988
The Crypto plugin for WordPress is vulnerable to unauthorized manipulation of data in all versions up to, and including, 2.22. This is due to the plugin registering an unauthenticated AJAX action wpajaxnoprivcryptoconnectajaxprocess that allows calling the cryptodeletejson method with only a...
EUVD-2025-60927
The Crypto plugin for WordPress is vulnerable to Information exposure in all versions up to, and including, 2.22. This is due to the plugin registering an unauthenticated AJAX action wpajaxnoprivcryptoconnectajaxprocess that allows calling the register and savenft methods with only a...
CVE-2025-11986 Crypto Tool <= 2.22 - Unauthenticated Information Exposure via Global Authentication State
The Crypto plugin for WordPress is vulnerable to Information exposure in all versions up to, and including, 2.22. This is due to the plugin registering an unauthenticated AJAX action wpajaxnoprivcryptoconnectajaxprocess that allows calling the register and savenft methods with only a...
WordPress plugin Crypto security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
PT-2025-46266
Name of the Vulnerable Software and Affected Versions: Crypto plugin for WordPress versions prior to 2.23. Description: The software is susceptible to information exposure due to an unauthenticated AJAX action, wp_ajax_nopriv_crypto_connect_ajax_process, which allows calling the register and savenft...
PT-2025-46267
Name of the Vulnerable Software and Affected Versions: Crypto plugin for WordPress versions prior to 2.23. Description: The Crypto plugin for WordPress is susceptible to unauthorized data manipulation. This is caused by an unauthenticated AJAX action, wp_ajax_nopriv_crypto_connect_ajax_process, whic...
CVE-2024-9990
The Crypto plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.15. This is due to missing nonce validation in the 'cryptoconnectajaxprocess::check' function. This makes it possible for unauthenticated attackers to log in as any existing user on the...
CVE-2024-9988
The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.19. This is due to missing validation on the user being supplied in the 'cryptoconnectajaxprocess::register' function. This makes it possible for unauthenticated attackers to log in as any...
WordPress Crypto plugin <= 2.18 - Authentication Bypass via log_in vulnerability
Authentication Bypass via log_in vulnerability discovered by István Márton in WordPress Plugin Crypto versions <= 2.18...
CVE-2024-9988
The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. This is due to missing validation on the user being supplied in the 'cryptoconnectajaxprocess::register' function. This makes it possible for unauthenticated attackers to log in as any...
CVE-2024-9989
The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. This is due to a limited arbitrary method call to 'cryptoconnectajaxprocess::login' function in the 'cryptoconnectajaxprocess' function. This makes it possible for unauthenticated...
CVE-2024-9989
The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.18. This is due to a limited arbitrary method call to 'cryptoconnectajaxprocess::login' function in the 'cryptoconnectajaxprocess' function. This makes it possible for unauthenticated...
CVE-2024-9990
CVE-2024-9990 describes a CSRF-to-authentication-bypass vulnerability in the WordPress Crypto plugin (versions
CVE-2024-9989
CVE-2024-9989 affects the Crypto WordPress plugin up to version 2.15. The vulnerability arises from an overly permissive call in crypto_connect_ajax_process::log_in within crypto_connect_ajax_process, allowing unauthenticated attackers to bypass authentication and log in as any existing user (e.g...
CVE-2024-9989 Crypto <= 2.18 - Authentication Bypass via log_in
The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.18. This is due to a limited arbitrary method call to 'cryptoconnectajaxprocess::login' function in the 'cryptoconnectajaxprocess' function. This makes it possible for unauthenticated...