CVE-2026-40098

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the shared wishlist add-to-cart endpoint authorizes access with a public...

WordPress Upload.am Arbitrary Option Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. An arbitrary option disclosure vulnerability exists in WordPress Upload.am, which stems from a lack of capability checking by the AJAX request processor, which can be...

CVE-2025-12630

The Upload.am WordPress plugin before 1.0.1 is vulnerable to arbitrary option disclosure due to a missing capability check on its AJAX request handler, allowing users such as contributor to view site options...

WordPress Upload.am plugin < 1.0.1 - Contributor+ Arbitrary Option Disclosure vulnerability

Contributor+ Arbitrary Option Disclosure vulnerability discovered by Beatriz Fresno Naumova beafn28 in WordPress Plugin Upload.am versions 1.0.1...

EUVD-2025-200267

The Upload.am WordPress plugin before 1.0.1 is vulnerable to arbitrary option disclosure due to a missing capability check on its AJAX request handler, allowing users such as contributor to view site options...

CVE-2025-12630

The Upload.am WordPress plugin before 1.0.1 is vulnerable to arbitrary option disclosure due to a missing capability check on its AJAX request handler, allowing users such as contributor to view site options...

CVE-2025-12630 Upload.am File Hosting VPN < 1.0.1 - Contributor+ Arbitrary Option Disclosure

The Upload.am WordPress plugin before 1.0.1 is vulnerable to arbitrary option disclosure due to a missing capability check on its AJAX request handler, allowing users such as contributor to view site options...

CVE-2025-12630 Upload.am File Hosting VPN < 1.0.1 - Contributor+ Arbitrary Option Disclosure

The Upload.am WordPress plugin before 1.0.1 is vulnerable to arbitrary option disclosure due to a missing capability check on its AJAX request handler, allowing users such as contributor to view site options...

CVE-2025-12630

CVE-2025-12630 affects the Upload.am WordPress plugin prior to version 1.0.1. The root cause is a missing capability check in the plugin’s AJAX request handler, enabling an attacker (e.g., a contributor) to disclose site options. The CVE description and connected sources consistently describe arb...

PT-2025-48709

CVE-2025-12630 The https://t.co/qJXADBHssq WordPress plugin before 1.0.1 is vulnerable to arbitrary option disclosure due to a missing capability check on its AJAX request handler, allowing user… https://t.co/IEMrlN1EhJ...

CVE-2025-27001 WordPress Shipmondo – A complete shipping solution for WooCommerce plugin <= 5.0.3 - Authenticated Arbitrary WordPress Option Disclosure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Shipmondo Shipmondo – A complete shipping solution for WooCommerce pakkelabels-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Shipmondo – A complete shipping solution for WooCommerce: from n/a through =...

WordPress Shipmondo – A complete shipping solution for WooCommerce plugin <= 5.0.3 - Authenticated Arbitrary WordPress Option Disclosure vulnerability

Authenticated Arbitrary WordPress Option Disclosure vulnerability discovered by Psai Patchstack in WordPress Plugin Shipmondo – A complete shipping solution for WooCommerce versions = 5.0.3...