WordPress WP Job Portal plugin <= 2.2.2 - Authenticated (Admin+) SQL Injection via wpjobportal_deactivate() vulnerability

Authenticated Admin+ SQL Injection via wpjobportaldeactivate vulnerability discovered by WordFence in WordPress Plugin WP Job Portal versions = 2.2.2...

CVE-2025-11888 ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.4 - Incorrect Authorization to Authenticated (Editor+) License Status Update

The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the postdeactive function and postactivate function in all versions up to, and including, 4.8.4...

CVE-2025-8479 Zoho Flow <= 2.14.1 - Cross-Site Request Forgery

The Zoho Flow plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.14.1. This is due to missing or incorrect nonce validation on the zohoflowdeactivateplugin function. This makes it possible for unauthenticated attackers to modify typography setting...

CVE-2025-8479

CVE-2025-8479: The Zoho Flow WordPress plugin (versions ≤ 2.14.1) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in zoho_flow_deactivate_plugin. This allows unauthenticated attackers to cause changes to typography settings by tricking an admin into a forged ...

PT-2025-37119

The Zoho Flow plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.14.1. This is due to missing or incorrect nonce validation on the zoho flow deactivate plugin function. This makes it possible for unauthenticated attackers to modify typography...

CVE-2024-11713

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'pageid' parameter of the wpjobportaldeactivate function in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied...

PT-2024-17203 · WordPress · Wp Job Portal

Name of the Vulnerable Software and Affected Versions: WP Job Portal plugin for WordPress versions up to, and including, 2.2.2 Description: The issue is related to SQL Injection via the page id parameter of the wpjobportal deactivate function due to insufficient escaping on the user-supplied...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to properly deregister the sysfs attribute before calling the deactivate function...

CVE-2023-40868

Cross Site Request Forgery vulnerability in mooSocial MooSocial Software v.Demo allows a remote attacker to execute arbitrary code via the Delete Account and Deactivate functions...

CVE-2023-40868

Cross Site Request Forgery vulnerability in mooSocial MooSocial Software v.Demo allows a remote attacker to execute arbitrary code via the Delete Account and Deactivate functions...

CVE-2023-1336

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajaxdeactivate function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

WordPress plugin RapidLoad Power-Up for Autoptimize 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A cross-site request forgery vulnerability...

CVE-2022-4555

The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate function hooked via init in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This can...

Authorization

The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate function hooked via init in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This can...

PT-2022-27572 · WordPress · Wp Shamsi

Name of the Vulnerable Software and Affected Versions: WP Shamsi plugin for WordPress versions up to, and including, 4.1.0 Description: The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate function hooked via init. This makes...