CVE-2026-1948

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivatelicense function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with...

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license vulnerability

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin = 9.1.9 - Missing Authorization to Authenticated Subscriber+ License Deactivation via deactivatelicense vulnerability discovered by Legion Hunter in WordPress Plugin NEX-Forms versions = 9.1.9...

EUVD-2026-12182

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivatelicense function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with...

CVE-2026-1948

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivatelicense function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with...

WordPress plugin NEX-Forms – Ultimate Forms Plugin for WordPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2026-1948 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivatelicense function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with...

CVE-2026-1948

Technical details beyond the Initial Description are not provided in the Connected documents. Monitor for updates.

CVE-2026-1948

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivatelicense function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with...

CVE-2026-1948 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivatelicense function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with...

PT-2026-25503

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate license function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with...

CVE-2025-11888

The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the postdeactive function and postactivate function in all versions up to, and including, 4.8.4...

CVE-2025-11888 ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.4 - Incorrect Authorization to Authenticated (Editor+) License Status Update

The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the postdeactive function and postactivate function in all versions up to, and including, 4.8.4...

CVE-2025-11888

The CVE-2025-11888 entry concerns the WordPress plugin ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution. Affected versions are

PT-2025-43708

Name of the Vulnerable Software and Affected Versions ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution versions prior to 4.8.5 Description The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress has a flaw that allo...

WordPress plugin AdForest 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

PT-2025-1969 · WordPress · Adforest

Name of the Vulnerable Software and Affected Versions: AdForest theme for WordPress versions up to and including 5.1.7 Description: The issue concerns unauthorized modification of data due to a missing capability check on several AJAX actions, such as the sb remove ad action. This allows...

PT-2024-17445 · WordPress · Gold Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Gold Addons for Elementor plugin for WordPress versions up to, and including, 1.3.2 Description: The issue allows unauthorized modification of data due to a missing capability check on the activate and deactivate functions. This makes it...

WordPress Gold Addons for Elementor plugin <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) License Activation/Deactivation vulnerability

Missing Authorization to Authenticated Subscriber+ License Activation/Deactivation vulnerability discovered by BrokenAC ignore in WordPress Plugin Gold Addons for Elementor versions = 1.3.2...

WordPress LoginPress Pro plugin < 3.0.0 - Unauth. License Activation/Deactivation vulnerability

Unauth. License Activation/Deactivation vulnerability discovered by Dave Jong Patchstack in WordPress Plugin LoginPress Pro versions 3.0.0...

CVE-2023-4150

The User Activity Tracking and Log WordPress plugin before 4.0.9 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks...