12 matches found
CVE-2025-13538
The FindAll Listing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.5. This is due to the 'findalllistinguserregistrationadditionalparams' function not restricting what user roles a user can register with. This makes it possible for...
WordPress FindAll Membership plugin <= 1.0.4 - Authentication Bypass via Social Login vulnerability
Authentication Bypass via Social Login vulnerability discovered by István Márton - Wordfence in WordPress Plugin FindAll Membership versions = 1.0.4...
EUVD-2025-199796
The FindAll Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.4. This is due to the plugin not properly logging in a user with the data that was previously verified through the 'findallmembershipcheckfacebookuser' and the...
CVE-2025-13539
The FindAll Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.4. This is due to the plugin not properly logging in a user with the data that was previously verified through the 'findallmembershipcheckfacebookuser' and the...
CVE-2025-13538
The FindAll Listing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.5. This is due to the 'findalllistinguserregistrationadditionalparams' function not restricting what user roles a user can register with. This makes it possible for...
CVE-2025-13539 FindAll Membership <= 1.0.4 - Authentication Bypass via Social Login
The FindAll Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.4. This is due to the plugin not properly logging in a user with the data that was previously verified through the 'findallmembershipcheckfacebookuser' and the...
CVE-2025-13539 FindAll Membership <= 1.0.4 - Authentication Bypass via Social Login
The FindAll Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.4. This is due to the plugin not properly logging in a user with the data that was previously verified through the 'findallmembershipcheckfacebookuser' and the...
CVE-2025-13539
CVE-2025-13539 affects the WordPress plugin FindAll Membership (≤ 1.0.4). Root cause: authentication bypass due to improper login handling tied to social login verifications, enabling unauthenticated attackers (with an existing site account) to log in as an administrator. According to Wordfence, ...
CVE-2025-13538 FindAll Listing <= 1.0.5 - Unauthenticated Privilege Escalation
The FindAll Listing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.5. This is due to the 'findalllistinguserregistrationadditionalparams' function not restricting what user roles a user can register with. This makes it possible for...
WordPress plugin FindAll Membership 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-48228
The FindAll Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.4. This is due to the plugin not properly logging in a user with the data that was previously verified through the 'findall membership check facebook user' and the 'findall...
PT-2025-48227
Name of the Vulnerable Software and Affected Versions FindAll Listing versions prior to 1.0.6 Description The FindAll Listing plugin for WordPress is susceptible to a privilege escalation issue. This occurs because the findall listing user registration additional params function does not properly...