Lucene search

6 matches found

Patchstack
added 2025/09/22 6:52 p.m. | 3 views

WordPress PilotPress Plugin <= 2.0.36 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Nabil Irawan in WordPress Plugin PilotPress versions <= 2.0.36...

CVSS 4.3 | AI score 6.7 | EPSS 0.00039
Exploits: 0 | Affected Software: 1

CVE
added 2025/09/22 6:23 p.m. | 7 views

CVE-2025-58221

CVE-2025-58221: PilotPress (Ontraport) WordPress plugin contains a Missing Authorization issue that permits an unauthenticated entity to perform an “arbitrary options update” via the wcmlim_settings_ajax_handler. This aligns with a network-scope vulnerability (CVSS v3.1: 4.3, Medium) and is assoc...

CVSS 4.3 | AI score 5.9 | EPSS 0.00039
Exploits: 0 | References: 1

Cvelist
added 2025/09/22 6:23 p.m. | 8 views

CVE-2025-58221 WordPress PilotPress Plugin <= 2.0.36 - Broken Access Control Vulnerability

Missing Authorization vulnerability in ONTRAPORT PilotPress pilotpress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PilotPress: from n/a through <= 2.0.36...

CVSS 4.3 | EPSS 0.00039
Exploits: 0 | References: 1

CVE
added 2025/09/22 6:23 p.m. | 7 views

CVE-2025-58238

PilotPress (ONTRAPORT WordPress plugin) contains a Stored XSS in versions up to and including 2.0.36. The vulnerability is triggered when an authenticated attacker injects script via input that is not properly neutralized during web page generation. Effects are as described in Wordfence vulnerabi...

CVSS 6.5 | AI score 5.9 | EPSS 0.00032
Exploits: 0 | References: 1

CNNVD
added 2025/09/22 12:0 a.m. | 1 views

WordPress plugin ONTRAPORT PilotPress Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin.... A cross-site...

CVSS 6.5 | AI score 5.8 | EPSS 0.00032
Exploits: 0 | References: 2

Patchstack
added 2024/01/31 12:0 a.m. | 6 views

WordPress PilotPress Plugin <= 2.0.30 is vulnerable to Broken Access Control

Software: PilotPress; Type: Plugin; Vulnerable versions: <= 2.0.30; Fixed in: 2.0.31; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-23524; Patch priority: Medium; CVSS severity: Medium 5.3; PSID: 0d381f1b6d73; Credits: Nguyen Xuan Chien; Required...

CVSS 8.8 | AI score 6.5 | EPSS 0.00252
Exploits: 0 | References: 2 | Affected Software: 1