3 matches found
CVE-2025-12168
CVE-2025-12168: The Phrase TMS Integration for WordPress plugin (WordPress) contains a missing capability check on the wp_ajax_delete_log endpoint, allowing authenticated users with Subscriber+ access to delete log files. Affected: Phrase TMS Integration for WordPress
WordPress PixelYourSite PRO plugin <= 10.4.2 - Unauthenticated Information Exposure and Log Deletion vulnerability
Unauthenticated Information Exposure and Log Deletion vulnerability discovered by Xetnus in WordPress Plugin PixelYourSite PRO versions = 10.4.2...
CVE-2023-1624
The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcodeactivatesnippets capability delete arbitrary log files on the server, including...