2 matches found
CVE-2026-7651 User Registration & Membership <= 5.1.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Media Deletion via 'profile-pic-url' Parameter
The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.5. This is due to missing...
WordPress Da Reactions plugin <= 5.1.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Khalid Yusuf Patchstack Alliance in WordPress Plugin Da Reactions versions = 5.1.5...