CVE-2026-8938

The CVE-2026-8938 entry concerns the WordPress plugin “auto making JSON-LD” (versions

PT-2026-43534

The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJL certification function. This makes it possible for unauthenticated attackers to update the plugin'...

EUVD-2024-17595

Malicious code in bioql PyPI...

CVE-2024-13370

The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the saveaddonkeylicense function in all versions up to, and including, 1.3.2. This makes it possible fo...

CVE-2024-13370

CVE-2024-13370 affects Youzify (WordPress plugin) and is due to a missing capability check in save_addon_key_license(), enabling authenticated attackers with Subscriber+ privileges to update arbitrary options to a valid license key. Public details in Wordfence/Red Hat and CVE entries show the vul...

WordPress If Menu plugin <= 0.19.1 - Missing Authorization to License Key Update vulnerability

Missing Authorization to License Key Update vulnerability discovered by Marco Wotschka in WordPress Plugin If Menu versions = 0.19.1...

CVE-2024-1870

The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function in all versions up to, and including, 1.0.260. This makes it possible for authenticated attackers, with subscriber access ...

WordPress 安全漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress WPBakery Page Builder Visual Composer Clipboard Plugin...