20 matches found
HyperComments <= 1.2.2 - Arbitrary Options Update
The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hcrequesthandler function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to...
PT-2026-20629
Name of the Vulnerable Software and Affected Versions: Toret Manager plugin for WordPress versions up to and including 1.2.7 Description: The Toret Manager plugin for WordPress has a flaw that allows unauthorized modification of data, potentially leading to privilege escalation. This is due to a...
CVE-2025-15157
The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srm_restore_options_defaults' function in all versions up to, and including, 3.1.19. This...
CVE-2025-15157 Starfish Review Generation & Marketing for WordPress <= 3.1.19 - Authenticated (Subscriber+) Arbitrary Options Update via srm_restore_options_defaults
The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srm_restore_options_defaults' function in all versions up to, and including, 3.1.19. This...
EUVD-2024-51465
Malicious code in bioql PyPI...
WordPress plugin MStore API security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Woffice plugin <= 5.4.21 - Authentication Bypass via Registration Role vulnerability
Authentication Bypass via Registration Role vulnerability discovered by Foxyyy in WordPress Theme Woffice versions <= 5.4.21...
PT-2025-6457 · WordPress +1 · Wordpress +1
Name of the Vulnerable Software and Affected Versions: Apus Framework plugin for WordPress versions prior to 2.3 Description: The issue allows authenticated attackers with Subscriber-level access and above to update arbitrary options on the WordPress site due to a missing capability check on the...
PT-2025-1759 · WordPress · Royal Core
Name of the Vulnerable Software and Affected Versions: Royal Core plugin for WordPress versions up to, and including, 2.9.2 Description: The issue allows authenticated attackers with Subscriber-level access and above to update arbitrary options on the WordPress site due to a missing capability...
CVE-2024-13251
Incorrect Privilege Assignment vulnerability in Drupal Registration role allows Privilege Escalation. This issue affects Registration role: from 0.0.0 before 2.0.1...
CVE-2024-13251 Registration role - Critical - Access bypass - SA-CONTRIB-2024-015
Incorrect Privilege Assignment vulnerability in Drupal Registration role allows Privilege Escalation. This issue affects Registration role: from 0.0.0 before 2.0.1...
CVE-2024-13251
The CVE-2024-13251 concerns the Drupal Registration role module. A logic/privilege-assignment error allows privilege escalation and affects Registration role versions 0.0.0 through 2.0.0, with the root cause linked to how upgrades and update.php handling were processed. The issue is mitigated by ...
Drupal security vulnerability
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Registration role prior to version 2.0.1, which stems from the inclusion of a privilege assignment error vulnerability...
WordPress plugin PowerPack Pro for Elementor security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin < 3.2.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
Description: The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the formsaveaction function in all versions up to, and including, 3.1.5. This makes it possib...
DRUPAL-CONTRIB-2024-015
The Registration role module lets an administrator select a role or multiple roles to automatically assign to new users. The selected role or roles will be assigned to new registrants. The module has a logic error when handling sites that upgraded code and did not run the Drupal update process e....
PT-2024-10099 · Drupal · Drupal Registration Role
Name of the Vulnerable Software and Affected Versions: Drupal Registration role versions 0.0.0 through 2.0.0 Description: The issue is related to an Incorrect Privilege Assignment vulnerability in the Drupal Registration role, which allows for Privilege Escalation. This vulnerability can be...
CVE-2021-24158
Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which role to set as the default for users upon registration. This field is hidden from view for...