EUVD-2026-33850

The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

CVE-2026-9050

The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

CVE-2026-9050

The CVE-2026-9050 entry concerns the Slider Revolution WordPress plugin. Affected versions are 6.0.0–6.7.55 and 7.0.0–7.0.14. The root cause is improper verification of user authorization, allowing authenticated attackers with Contributor-level access or higher to perform actions they should not ...

PT-2026-41125

Name of the Vulnerable Software and Affected Versions eMagicOne Store Manager versions prior to 1.3.3 Description Improper neutralization of special elements used in an SQL command allows for Blind SQL Injection. Blind SQL Injection is a type of attack where the application does not return data...

PT-2026-36320

Unauthenticated Cross Site Scripting XSS in Contact Form to Any API = 3.0.3 versions...

CVE-2025-10849

The Felan Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'processpluginactions' function called via an AJAX action in versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to activate ...

EUVD-2023-26816

Malicious code in bioql PyPI...

EUVD-2023-50431

Malicious code in bioql PyPI...

CVE-2025-0951

Multiple plugins and/or themes for WordPress by LiquidThemes are vulnerable to unauthorized access due to a missing capability check on the liquidresetwordpressbefore AJAX in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivat...

CVE-2025-0951 LiquidThemes Themes <= Various Versions - Missing Authorization to Authenticated (Subscriber+) All Plugins Deactivated

Multiple plugins and/or themes for WordPress by LiquidThemes are vulnerable to unauthorized access due to a missing capability check on the liquidresetwordpressbefore AJAX in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivat...

WordPress Hub theme <= 5.0.7 - Missing Authorization to Authenticated (Subscriber+) All Plugins Deactivated vulnerability

Missing Authorization to Authenticated Subscriber+ All Plugins Deactivated vulnerability discovered by Lucio Sá in WordPress Theme Hub versions = 1.2.12...

CVE-2023-46188

Missing Authorization vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Freesoul Deactivate Plugins – Plugin manager and cleanup: from n/a through 2.1.3...

CVE-2023-22687

Insecure Storage of Sensitive Information vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup plugin = 1.9.4.0 versions...

CVE-2023-46188

Missing Authorization vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Freesoul Deactivate Plugins – Plugin manager and cleanup: from n/a through 2.1.3...

CVE-2023-46188 WordPress Freesoul Deactivate Plugins plugin <= 2.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Freesoul Deactivate Plugins – Plugin manager and cleanup: from n/a through 2.1.3...

CVE-2023-46188 WordPress Freesoul Deactivate Plugins plugin <= 2.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Freesoul Deactivate Plugins – Plugin manager and cleanup: from n/a through 2.1.3...

WordPress plugin Freesoul Deactivate Plugins 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-1505 · Unknown · Freesoul Deactivate Plugins

Name of the Vulnerable Software and Affected Versions: Freesoul Deactivate Plugins – Plugin manager and cleanup versions 2.1.3 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Thi...

PT-2023-11871 · WordPress · 2J-Slideshow Plugin

Name of the Vulnerable Software and Affected Versions: 2J-SlideShow Plugin for WordPress versions up to, and including, 1.3.31 Description: The issue is related to authorization bypass due to a missing capability check on the twoj slideshow setup function. This function is called via the "wp ajax...

CVE-2023-22687

Insecure Storage of Sensitive Information vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup plugin = 1.9.4.0 versions...