649 matches found
WordPress Single Mailchimp plugin <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Single Mailchimp versions = 1.4...
CVE-2026-4024
The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. The handler is registered on both wpajax and wpajaxnopriv hooks, maki...
CVE-2026-25430
Missing Authorization vulnerability in CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms cf7-mailchimp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Mailchimp and Contact Form 7, WPForms, Elementor,...
CVE-2025-13997
The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via...
CVE-2026-1781
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.11.1. This is due to the plugin trusting the mc4wpaction POST parameter without validation, allowing unauthenticated attackers to force the form to process...
EUVD-2026-15725
Missing Authorization vulnerability in CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms cf7-mailchimp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Mailchimp and Contact Form 7, WPForms, Elementor,...
CVE-2026-25430
Missing Authorization vulnerability in CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms cf7-mailchimp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Mailchimp and Contact Form 7, WPForms, Elementor,...
CVE-2026-25430
CVE-2026-25430 describes a Missing Authorization vulnerability in the Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms (cf7-mailchimp). Affected versions are from n/a through 1.2.2. The issue arises from incorrectly configured access control, enabling network-attacker...
CVE-2026-25430 WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms cf7-mailchimp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Mailchimp and Contact Form 7, WPForms, Elementor,...
CVE-2026-25430 WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms cf7-mailchimp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Mailchimp and Contact Form 7, WPForms, Elementor,...
PT-2026-27945
Name of the Vulnerable Software and Affected Versions CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms versions through 1.2.2 Description An authorization issue exists in CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms...
WordPress plugin Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be integrated...
CVE-2025-13997
The CVE-2025-13997 entry concerns the King Addons for Elementor WordPress plugin. Affected: King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor. Root cause: unauthenticated API key disclosure caused by the plugin adding API keys to the HTML ...
CVE-2025-13997
The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via...
CVE-2025-13997 King Addons for Elementor <= 51.1.49 - Unauthenticated API Keys Disclosure
The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via...
CVE-2025-13997 King Addons for Elementor <= 51.1.49 - Unauthenticated API Keys Disclosure
The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via...
PT-2026-27061
The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via...
WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms versions = 1.2.2...
WordPress MC4WP: Mailchimp for WordPress plugin <= 4.11.1 - Missing Authorization to Unauthenticated Arbitrary Subscription Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary Subscription Deletion vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin MC4WP versions = 4.11.1...
EUVD-2026-11032
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.11.1. This is due to the plugin trusting the mc4wpaction POST parameter without validation, allowing unauthenticated attackers to force the form to process...