474 matches found
CVE-2025-12826
The CVE-2025-12826 entry describes a vulnerability in the WordPress plugin Custom Post Type UI (versions
CVE-2025-12826 Custom Post Type UI <= 1.18.0 - Missing Authorization to Unauthenticated (Previously Administrator+) Custom Post Type Modification
The Custom Post Type UI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.18.0. This is due to the plugin not verifying that a user has the required capability to perform actions in the "cptuiprocessposttype" function. This makes it possible for...
CVE-2025-12826 Custom Post Type UI <= 1.18.0 - Missing Authorization to Unauthenticated (Previously Administrator+) Custom Post Type Modification
The Custom Post Type UI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.18.0. This is due to the plugin not verifying that a user has the required capability to perform actions in the "cptuiprocessposttype" function. This makes it possible for...
WordPress Custom Post Type UI plugin <= 1.18.0 - Missing Authorization to Unauthenticated (Previously Administrator+) Custom Post Type Modification vulnerability
Missing Authorization to Unauthenticated Previously Administrator+ Custom Post Type Modification vulnerability discovered by mahdi salhi CaptinSharky01 - CaptinSharku in WordPress Plugin Custom Post Type UI versions = 1.18.0...
WordPress plugin Custom Post Type UI 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-49007
The Custom Post Type UI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.18.0. This is due to the plugin not verifying that a user has the required capability to perform actions in the "cptui process post type" function. This makes it possible for...
WordPress Custom Post Type plugin Cross-Site Request Forgery Vulnerability
WordPress Custom Post Type plugin is a collective term for a class of plugins that are designed to help users easily create and manage custom post types through a graphical interface. A cross-site request forgery vulnerability exists in the WordPress Custom Post Type plugin, which arises from a w...
CVE-2025-13142
The Custom Post Type plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the custom post type deletion functionality. This makes it possible for unauthenticated attackers to delete custom post types...
EUVD-2025-198391
The Custom Post Type plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the custom post type deletion functionality. This makes it possible for unauthenticated attackers to delete custom post types...
CVE-2025-13142
The Custom Post Type plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the custom post type deletion functionality. This makes it possible for unauthenticated attackers to delete custom post types...
CVE-2025-13142
CVE-2025-13142 affects the WordPress plugin Custom Post Type. The vulnerability is a Cross-Site Request Forgery (CSRF) on the custom post type deletion functionality, arising from missing nonce validation. This allows unauthenticated attackers to trigger deletions by tricking a site administrator...
CVE-2025-13142 Custom Post Type <= 1.0 - Cross-Site Request Forgery to Custom Post Type Deletion
The Custom Post Type plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the custom post type deletion functionality. This makes it possible for unauthenticated attackers to delete custom post types...
CVE-2025-13142 Custom Post Type <= 1.0 - Cross-Site Request Forgery to Custom Post Type Deletion
The Custom Post Type plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the custom post type deletion functionality. This makes it possible for unauthenticated attackers to delete custom post types...
PT-2025-47701
The Custom Post Type plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the custom post type deletion functionality. This makes it possible for unauthenticated attackers to delete custom post types...
WordPress plugin Custom Post Type 跨站请求伪造漏洞
WordPress Custom Post Type plugin is a collective term for a class of plugins that are designed to help users easily create and manage custom post types through a graphical interface. A cross-site request forgery vulnerability exists in the WordPress Custom Post Type plugin, which arises from a w...
WordPress Custom Post Type plugin <= 1.0 - Cross-Site Request Forgery to Custom Post Type Deletion vulnerability
Cross-Site Request Forgery to Custom Post Type Deletion vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Custom Post Type versions = 1.0...
CVE-2025-64224
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Conference Theme Custom Post Type grandconference-custom-post allows Reflected XSS.This issue affects Grand Conference Theme Custom Post Type: from n/a through 2.6.4...
EUVD-2025-38058
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Conference Theme Custom Post Type grandconference-custom-post allows Reflected XSS.This issue affects Grand Conference Theme Custom Post Type: from n/a through 2.6.4...
CVE-2025-64224
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Conference Theme Custom Post Type grandconference-custom-post allows Reflected XSS.This issue affects Grand Conference Theme Custom Post Type: from n/a through 2.6.4...
CVE-2025-64224
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Conference Theme Custom Post Type grandconference-custom-post allows Reflected XSS.This issue affects Grand Conference Theme Custom Post Type: from n/a through 2.6.4...