2093 matches found

EUVD
added 2026/05/02 4:27 a.m. | 0 views

EUVD-2026-26736

The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wmg_save_provider_config AJAX action in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update...

CVSS 8.8 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 6

CVE
added 2026/05/02 4:27 a.m. | 6 views

CVE-2026-6963

CVE-2026-6963 affects the WP Mail Gateway WordPress plugin (up to version 1.8). The issue is a missing capability check on the wmg_save_provider_config AJAX action, allowing authenticated users with Subscriber-level access or higher to modify SMTP settings and redirect mail. This can be leveraged...

CVSS 8.8 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 6

Cvelist
added 2026/05/02 4:27 a.m. | 23 views

CVE-2025-14726 Widgets for Social Photo Feed <= 1.8 - Missing Authentication to Unauthenticated Plugin Settings Access/Update via trustindex_feed_hook_instagram REST API endpoints

The Widgets for Social Photo Feed plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the '/trustindex_feed_hook_instagram/troubleshooting' and '/trustindex_feed_hook_instagram/submit-data' REST API endpoints in all versions up...

CVSS 6.5 | EPSS 0.03071
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/02 12:00 a.m. | 1 view

PT-2026-36568

Name of the Vulnerable Software and Affected Versions: WP Mail Gateway versions prior to 1.9. Description: The plugin is subject to unauthorized access because of a missing capability check on the 'wmg save provider config' AJAX action. Authenticated attackers with Subscriber-level access or higher...

CVSS 8.8 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 12

NVD
added 2026/05/01 2:16 p.m. | 1 view

CVE-2026-3143

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxclicancel' function in all versions up to, and including, 1.17.1. This makes it possible for...

CVSS 5.3 | EPSS 0.00073
Exploits: 1 | References: 5

Vulnrichment
added 2026/05/01 1:28 p.m. | 1 view

CVE-2026-3143 Total Upkeep <= 1.17.1 - Missing Authorization to Unauthenticated Rollback Cancellation

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxclicancel' function in all versions up to, and including, 1.17.1. This makes it possible for...

CVSS 5.3 | AI score 5.8 | EPSS 0.00073
Exploits: 1 | References: 5

EUVD
added 2026/05/01 1:28 p.m. | 2 views

EUVD-2026-26502

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxclicancel' function in all versions up to, and including, 1.17.1. This makes it possible for...

CVSS 5.3 | AI score 5.8 | EPSS 0.00073
Exploits: 1 | References: 5

NVD
added 2026/04/22 10:16 a.m. | 1 view

CVE-2026-1930

The Emailchef plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the page_options_ajax_disconnect function in all versions up to, and including, 3.5.1. This makes it possible for authenticated attackers, with Subscriber-level access and above...

CVSS 4.3 | EPSS 0.00014
Exploits: 0 | References: 6

CVE
added 2026/04/22 9:27 a.m. | 2 views

CVE-2026-1930

The WordPress Emailchef plugin (versions up to 3.5.1) is vulnerable due to a missing capability check in page_options_ajax_disconnect(). This allows authenticated attackers with Subscriber-level access and higher to delete the plugin’s settings via the emailchef_disconnect AJAX action, exposing d...

CVSS 4.3 | AI score 5.7 | EPSS 0.00014
Exploits: 0 | References: 6

Positive Technologies
added 2026/04/22 12:00 a.m. | 1 view

PT-2026-34317

The Emailchef plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the page options ajax disconnect function in all versions up to, and including, 3.5.1. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVSS 4.3 | AI score 5.7 | EPSS 0.00014
Exploits: 0 | References: 7

Cvelist
added 2026/04/16 7:39 a.m. | 29 views

CVE-2026-0718 Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX <= 5.0.5 - Missing Authorization to Limited Post Meta Modification

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ultp_shareCount_callback function in all versions up to, and including, 5.0.5. This makes it possible for...

CVSS 5.3 | EPSS 0.00025
Exploits: 0 | References: 2

CVE
added 2026/04/16 7:39 a.m. | 6 views

CVE-2026-0718

The CVE-2026-0718 entry concerns the WordPress plugin Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX. It is affected by a missing capability check in the function ultp_shareCount_callback(), allowing unauthenticated modification of the share_count post meta for any post, ...

CVSS 5.3 | AI score 5.8 | EPSS 0.00025
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/16 12:00 a.m. | 0 views

PT-2026-33267

Name of the Vulnerable Software and Affected Versions: AcyMailing versions 9.11.0 through 10.8.1. Description: A missing capability check on the 'wp ajax acymailing router' AJAX handler allows authenticated attackers with Subscriber-level access or higher to access admin-only controllers, including...

CVSS 8.8 | AI score 5.8 | EPSS 0.00023
Exploits: 0 | References: 13

CVE
added 2026/04/14 11:26 p.m. | 6 views

CVE-2026-1314

The CVE-2026-1314 entry concerns the WordPress plugin “3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery”. It is vulnerable due to a missing capability check in send_post_pages_json() across all versions up to and including 1.16.17, allowing unauthenticated attackers to retr...

CVSS 5.3 | AI score 5.8 | EPSS 0.03117
Exploits: 0 | References: 2

NVD
added 2026/04/10 2:16 a.m. | 2 views

CVE-2026-4057

The Download Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the makeMediaPublic and makeMediaPrivate functions in all versions up to, and including, 3.3.51. This is due to the functions only checking for edit_posts capability...

CVSS 4.3 | EPSS 0.00013
Exploits: 0 | References: 7

NVD
added 2026/04/08 7:24 p.m. | 0 views

CVE-2026-0814

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vszcf7exporttoexcel' function in all versions up to, and including, 2.0.9. This makes it possible for authenticated attackers, with Subscriber-level access an...

CVSS 4.3 | EPSS 0.00032
Exploits: 0 | References: 3

NVD
added 2026/04/08 12:16 a.m. | 4 views

CVE-2026-2263

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hustlemoduleconverted' AJAX action in all versions up to, and including, 7.8.10.2. This makes it possible for...

CVSS 5.3 | EPSS 0.00073
Exploits: 0 | References: 5

RedhatCVE
added 2026/04/05 5:07 a.m. | 0 views

CVE-2026-3571

The Pie Register – User Registration, Profiles & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the piemain function in all versions up to, and including, 3.8.4.8. This makes it possible for unauthenticated attacker...

CVSS 6.5 | AI score 5.9 | EPSS 0.0003
Exploits: 0 | References: 1

NVD
added 2026/04/04 2:15 a.m. | 3 views

CVE-2026-3571

The Pie Register – User Registration, Profiles & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the piemain function in all versions up to, and including, 3.8.4.8. This makes it possible for unauthenticated attacker...

CVSS 6.5 | EPSS 0.0003
Exploits: 0 | References: 2

Cvelist
added 2026/04/04 1:24 a.m. | 19 views

CVE-2026-3571 Pie Register – User Registration, Profiles & Content Restriction <= 3.8.4.8 - Missing Authorization to Unauthenticated Registration Form Status Modification

The Pie Register – User Registration, Profiles & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the piemain function in all versions up to, and including, 3.8.4.8. This makes it possible for unauthenticated attacker...

CVSS 6.5 | EPSS 0.0003
Exploits: 0 | References: 2