8 matches found
CVE-2025-13405
The Ace Post Type Builder plugin for WordPress is vulnerable to unauthorized custom taxonomy deletion due to missing authorization validation on the cptbdeletecustomtaxonomy function in all versions up to, and including, 1.9. This makes it possible for authenticated attackers, with Subscriber-lev...
CVE-2025-13405
The Ace Post Type Builder plugin for WordPress is vulnerable to unauthorized custom taxonomy deletion due to missing authorization validation on the cptbdeletecustomtaxonomy function in all versions up to, and including, 1.9. This makes it possible for authenticated attackers, with Subscriber-lev...
EUVD-2025-199569
The Ace Post Type Builder plugin for WordPress is vulnerable to unauthorized custom taxonomy deletion due to missing authorization validation on the cptbdeletecustomtaxonomy function in all versions up to, and including, 1.9. This makes it possible for authenticated attackers, with Subscriber-lev...
CVE-2025-13405 Ace Post Type Builder <= 1.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Custom Taxonomy Deletion via 'taxonomy' Parameter
The Ace Post Type Builder plugin for WordPress is vulnerable to unauthorized custom taxonomy deletion due to missing authorization validation on the cptbdeletecustomtaxonomy function in all versions up to, and including, 1.9. This makes it possible for authenticated attackers, with Subscriber-lev...
CVE-2025-13405
CVE-2025-13405 affects the WordPress plugin “Ace Post Type Builder” (versions up to and including 1.9). The vulnerability is caused by missing authorization validation in the cptb_delete_custom_taxonomy() function, enabling authenticated attackers with Subscriber-level access or higher to delete ...
WordPress Ace Post Type Builder plugin <= 1.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Custom Taxonomy Deletion via 'taxonomy' Parameter vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Custom Taxonomy Deletion via 'taxonomy' Parameter vulnerability discovered by Legion Hunter in WordPress Plugin Ace Post Type Builder versions = 1.9...
CVE-2024-10143
The MB Custom Post Types & Custom Taxonomies WordPress plugin before 2.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
WordPress plugin MB Custom Post Types & Custom Taxonomies 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in WordPress...