79 matches found
PT-2024-17553 · WordPress · Custom Skins Contact Form 7
Name of the Vulnerable Software and Affected Versions: Custom Skins Contact Form 7 plugin for WordPress versions prior to 1.1 Description: The issue arises from a missing capability check on the cf7cs action callback function, allowing authenticated attackers with Subscriber-level access and abov...
CVE-2024-9626
CVE-2024-9626 affects Editorial Assistant by Sovrn for WordPress (
WordPress Brizy – Page Builder plugin <= 2.4.44 - Missing Authorization to Authenticated (Contributor+) Post Modification vulnerability
Missing Authorization to Authenticated (Contributor+) Post Modification vulnerability discovered by stealthcopter in WordPress Plugin Brizy versions <= 2.4.44...
CVE-2024-1850 AI Post Generator | AutoWriter <= 3.3 - Missing Authorization
The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized access, modification or deletion of posts due to a missing capability check on functions hooked by AJAX actions in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with...
PT-2024-18354 · WordPress · Auto Affiliate Links
Name of the Vulnerable Software and Affected Versions: Auto Affiliate Links plugin for WordPress versions up to, and including, 6.4.3 Description: The issue allows authenticated attackers with subscriber access or higher to modify data without proper authorization. This is due to a missing...
CVE-2024-1318
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'feedzywizardstepprocess' and 'importstatus' functions in all versions up to, and...
CVE-2023-3052
The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azhaddpost', 'azhduplicatepost', 'azhupdatepost' and 'azhremovepost' functions. This makes it possibl...
WordPress Plugin Page Builder Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
Privilege escalation
The GPT AI Power: Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training WordPress plugin before 1.4.38 does not perform any kind of nonce or privilege checks before letting logged-in users modify arbitrary posts...
WordPress plugin GPT3 AI Content Writer Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin GPT AI Power: Content Writer &...
CVE-2021-38345 Brizy <= 1.0.125 and 1.0.127 – 2.3.11 Incorrect authorization checks allowing Post modification
The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another...
WordPress Brizy – Page Builder plugin <= 2.3.11 - Incorrect authorization checks allowing Post modification vulnerability
Incorrect authorization checks allowing Post modification vulnerability discovered by Ramuel Gall (WordFence) in WordPress Brizy – Page Builder plugin versions <= 2.3.11. Solution: Update the WordPress Brizy – Page Builder plugin to the latest available version (at least 2.3.12)...
CVE-2021-24633
The Countdown Block WordPress plugin before 1.1.2 does not have authorisation in the ebwriteblockcss AJAX action, which allows any authenticated user, such as Subscriber, to modify post contents displayed to users...
PT-2021-22062 · WordPress · Nested Pages
Name of the Vulnerable Software and Affected Versions: Nested Pages WordPress plugin versions <= 3.1.15 Description: The issue allows attackers to perform Cross-Site Request Forgery attacks via the npBulkAction and npBulkEdit actions, enabling them to modify posts, including trashing or purging...
Nested Pages < 3.1.16 - CSRF to Arbitrary Post Deletion and Modification
The plugin was vulnerable to Cross-Site Request Forgery via the npBulkActions and npBulkEdit adminpost actions, which allowed attackers to trash or permanently purge arbitrary posts as well as changing their status, reassigning their ownership, and editing other metadata...
WordPress File Management Plugin Riddled with Critical Bugs
A critical cross-site scripting (XSS) bug impacts WordPress sites running the Frontend File Manager plugin and allows remote unauthenticated users to inject JavaScript code into vulnerable websites to create admin user accounts. The bug is one of six critical flaws impacting the WordPress plugin...
VulnCheck KEV: CVE-2017-1001000
The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a...
WordPress < 2.3.3 XML-RPC Unauthenticated Post Modification
Binary data 4364.prm...
CVE-2004-2639
Technical details for CVE-2004-2639 are not publicly available in the provided documents. Monitor for updates.