221 matches found
CVE-2025-2266
The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the cwmpUpdateOptions function in versions 8.6.5 to 8.7.5. This makes it possible for unauthenticated...
WordPress Administrator Z plugin <= 2025.03.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by kr0d in WordPress Plugin Administrator Z versions = 2025.03.24...
CVE-2025-2815 Administrator Z <= 2025.03.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
The Administrator Z plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the adminzimportbackup function in all versions up to, and including, 2025.03.24. This makes it possible for authenticated...
WordPress Altair theme <= 5.2.4 - Unauthenticated Arbitrary Options Update via pp_import_current vulnerability
Unauthenticated Arbitrary Options Update via ppimportcurrent vulnerability discovered by Tonn in WordPress Theme Altair versions = 5.2.4...
WordPress LoginPress plugin <= 3.3.1 - Cross-Site Request Forgery to Arbitrary Options Update vulnerability
Cross-Site Request Forgery to Arbitrary Options Update vulnerability discovered by Carlos Ferreira in WordPress Plugin LoginPress versions = 3.3.1...
WordPress Industrial theme <= 1.7.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by Tonn in WordPress Theme Industrial versions = 1.7.8...
WordPress SoundRise Music plugin <= 1.7 - Authenticated (Subscriber+) Arbitrary Options Update vulnerability
Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by Tonn in WordPress Plugin SoundRise Music versions = 1.6.11...
WordPress UiPress lite plugin <= 3.5.04 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by vgo0 in WordPress Plugin UiPress lite versions = 3.5.04...
CVE-2024-9195
The WHMPress - WHMCS Client Area plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updatesettings case in the /admin/ajax.php file in all versions up to, and including, 4.3-revision-3. This makes ...
CVE-2024-9195
CVE-2024-9195 affects the WordPress plugin WHMPress — WHMCS Client Area (for WordPress) and is caused by a missing capability check on the update_settings operation in the file /admin/ajax.php . It allows authenticated attackers with Subscriber+ privileges to modify arbitrary options, potentially...
CVE-2024-9195 WHMPress - WHMCS Client Area <= 4.3-revision-3- Authenticated (Subscriber+) Arbitrary Options Update
The WHMPress - WHMCS Client Area plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updatesettings case in the /admin/ajax.php file in all versions up to, and including, 4.3-revision-3. This makes ...
CVE-2024-9193
Summary: CVE-2024-9193 affects the WordPress WHMpress plugin (versions
WordPress WHMPress - WHMCS Client Area plugin <= 4.3-revision-3 - Authenticated (Subscriber+) Arbitrary Options Update vulnerability
WordPress WHMPress - WHMCS Client Area plugin = 4.3-revision-3 - Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by Tonn in WordPress Plugin WHMCS Client Area for WordPress by WHMpress versions = 4.3-revision-3...
WordPress WHMpress plugin <= 6.3-revision-0 - Unauthenticated Local File Inclusion to Arbitrary Options Update vulnerability
Unauthenticated Local File Inclusion to Arbitrary Options Update vulnerability discovered by Tonn in WordPress Plugin WHMpress versions = 6.3-revision-0...
CVE-2024-12296 Apus Framework <= 2.3 - Authenticated (Subscriber+) Arbitrary Options Update in import_page_options
The Apus Framework plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'importpageoptions' function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, wit...
CVE-2024-12296 Apus Framework <= 2.4 - Authenticated (Subscriber+) Arbitrary Options Update in import_page_options
The Apus Framework plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'importpageoptions' function in all versions up to, and including, 2.4. This makes it possible for authenticated attackers, wit...
CVE-2024-13653 ZoxPress - The All-In-One WordPress News Theme <= 2.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backupoptions' and 'restoreoptions' functions in all versions up to, and including, 2.12.0. Thi...
WordPress Apus Framework plugin <= 2.3 - Authenticated (Subscriber+) Arbitrary Options Update in import_page_options vulnerability
Authenticated Subscriber+ Arbitrary Options Update in importpageoptions vulnerability discovered by Tonn in WordPress Plugin Apus Framework versions = 2.3...
WordPress ConvertPlus plugin <= 3.5.30 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update vulnerability
Missing Authorization to Authenticated Subscriber+ Limited Options Update vulnerability discovered by Lucio Sá in WordPress Plugin ConvertPlus versions = 3.5.30...
WordPress ZoxPress theme <= 2.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by Lucio Sá in WordPress Theme ZoxPress versions = 2.12.0...