CVE-2026-1924

The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing nonce verification on the ahscajaxresetoptions function. This makes it possible for unauthenticated attackers to reset all plugin settings t...

PT-2026-31843

Name of the Vulnerable Software and Affected Versions Aruba HiSpeed Cache plugin for WordPress versions up to and including 3.0.4 Description The Aruba HiSpeed Cache plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by the absence of nonce verification within the...

WordPress plugin Aruba HiSpeed Cache 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-23694

Aruba HiSpeed Cache aruba-hispeed-cache WordPress plugin versions prior to 3.0.5 contain a cross-site request forgery CSRF vulnerability affecting multiple administrative AJAX actions. The handlers for ahscresetoptions, ahscdebugstatus, and ahscenablepurge perform authentication and capability...

PT-2026-21555

Name of the Vulnerable Software and Affected Versions Aruba HiSpeed Cache WordPress plugin versions prior to 3.0.5 Description The Aruba HiSpeed Cache WordPress plugin is susceptible to a cross-site request forgery CSRF issue impacting several administrative AJAX actions. Specifically, the ahsc...

CVE-2025-14447

The AnnunciFunebri Impresa plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the annfuresetoptions function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and...

PT-2025-51074

The AnnunciFunebri Impresa plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the annfu reset options function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access an...

CVE-2024-12810

The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 7.1. This makes it possible for authenticated attackers, wit...

CVE-2024-13654

The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'resetoptions' function in all versions up to, and including, 2.12.0. This makes it possible for...

CVE-2024-13654

CVE-2024-13654 concerns the WordPress theme ZoxPress (

WordPress plugin Zox News 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

PT-2025-6170 · WordPress · Zox News - Professional Wordpress News & Magazine Theme

Name of the Vulnerable Software and Affected Versions: Zox News - Professional WordPress News & Magazine Theme plugin for WordPress versions up to and including 3.17.0 Description: The vulnerability can lead to privilege escalation and denial of service conditions due to missing capability checks...

CVE-2022-29414

Multiple 13x Cross-Site Request Forgery CSRF vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin mass update settings, manage subscriptions add a new subscription, update subscription, delete Subscription...