297 matches found
CVE-2025-14943 Blog2Social: Social Media Auto Post & Scheduler <= 8.7.2 - Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.7.2. This is due to a misconfigured authorization check on the 'getShipItemFullText' function which only verifies that a user has the...
WordPress plugin Blog2Social 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
CVE-2025-12525
The Locker Content plugin for WordPress is vulnerable to Sensitive Information Exposure in version 1.0.0 via the 'lockercosubmitpost' AJAX endpoint. This makes it possible for unauthenticated attackers to extract content from posts that has been protected by the plugin...
CVE-2025-12481
The WP Duplicate Page plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'saveSettings' function. This makes it possible for authenticated...
EUVD-2025-197964
The WP Duplicate Page plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'saveSettings' function. This makes it possible for authenticated...
CVE-2025-12481
The WP Duplicate Page plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'saveSettings' function. This makes it possible for authenticated...
CVE-2025-12481 WP Duplicate Page <= 1.7 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure
The WP Duplicate Page plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'saveSettings' function. This makes it possible for authenticated...
CVE-2025-12481
The vulnerability CVE-2025-12481 affects the WP Duplicate Page plugin for WordPress (versions up to 1.7). Root cause: Missing authorization checks in saveSettings allow authenticated users with Contributor+ privileges to modify plugin settings that control capabilities, enabling them to duplicate...
CVE-2025-12481 WP Duplicate Page <= 1.7 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure
The WP Duplicate Page plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'saveSettings' function. This makes it possible for authenticated...
PT-2025-47281
Name of the Vulnerable Software and Affected Versions WP Duplicate Page plugin versions prior to 1.8 Description The WP Duplicate Page plugin for WordPress is affected by a missing authorization issue. The plugin does not properly verify user authorization to perform actions within the saveSettin...
CVE-2025-11377
The List category posts plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.92.0 via the 'catlist' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level...
CVE-2025-11377
The List category posts plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.92.0 via the 'catlist' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level...
CVE-2025-11377
The CVE-2025-11377 case is supported by multiple connected sources: WordPress List category posts plugin 0.92.0) or follow vendor advisories for fixes. Monitor for updates from CVE databases and the plugin maintainers to confirm remediation efficacy.
CVE-2025-11377 List category posts <= 0.92.0 - Authenticated (Contributor+) Information Exposure
The List category posts plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.92.0 via the 'catlist' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level...
PT-2025-44703
Name of the Vulnerable Software and Affected Versions WordPress List category posts plugin versions prior to 0.92.0 Description The List category posts plugin for WordPress has an information exposure issue due to insufficient restrictions on posts included by the 'catlist' shortcode. This allows...
CVE-2025-11701
The Zip Attachments plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check as well as missing post status validation in the zacreatezipcallback function in all versions up to, and including, 1.6. This makes it possible for unauthenticated attackers to...
CVE-2025-11701
CVE-2025-11701 refers to the WordPress plugin Zip Attachments (versions
CVE-2025-11701 Zip Attachments <= 1.6 - Missing Authorization to Unauthenticated Private And Password-Protected Posts Attachment Disclosure
The Zip Attachments plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check as well as missing post status validation in the zacreatezipcallback function in all versions up to, and including, 1.6. This makes it possible for unauthenticated attackers to...
CVE-2025-11701 Zip Attachments <= 1.6 - Missing Authorization to Unauthenticated Private And Password-Protected Posts Attachment Disclosure
The Zip Attachments plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check as well as missing post status validation in the zacreatezipcallback function in all versions up to, and including, 1.6. This makes it possible for unauthenticated attackers to...
WordPress Zip Attachments plugin <= 1.6 - Missing Authorization to Unauthenticated Private And Password-Protected Posts Attachment Disclosure vulnerability
Missing Authorization to Unauthenticated Private And Password-Protected Posts Attachment Disclosure vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Zip Attachments versions = 1.6...