25 matches found
CVE-2025-49349
Missing Authorization vulnerability in Reuters News Agency Reuters Direct reuters-direct allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reuters Direct: from n/a through = 3.0.0...
CVE-2025-49349
Missing Authorization vulnerability in Reuters News Agency Reuters Direct reuters-direct allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reuters Direct: from n/a through = 3.0.0...
CVE-2025-49349 WordPress Reuters Direct plugin <= 3.0.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Reuters News Agency Reuters Direct reuters-direct allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reuters Direct: from n/a through = 3.0.0...
CVE-2025-49349
Reuters Direct (Reuters Direct) has a Missing Authorization vulnerability due to incorrectly configured access control levels, affecting versions up to 3.0.0. The Wordfence report lists CVE-2025-49349 with a patch status of Unpatched; no exploit details or remediation are provided in the connecte...
CVE-2025-49349 WordPress Reuters Direct plugin <= 3.0.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Reuters News Agency Reuters Direct reuters-direct allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reuters Direct: from n/a through = 3.0.0...
EUVD-2025-205945
Missing Authorization vulnerability in Reuters News Agency Reuters Direct allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reuters Direct: from n/a through 3.0.0...
WordPress Reuters Direct plugin <= 3.0.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Reuters Direct versions = 3.0.0...
PT-2025-54342
Name of the Vulnerable Software and Affected Versions Reuters Direct versions through 3.0.0 Description A missing authorization issue exists in Reuters Direct, allowing exploitation of incorrectly configured access control security levels. Recommendations Update Reuters Direct to a version later...
WordPress plugin Reuters Direct 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress Reuters Direct plugin <= 3.0.0 - Missing Authorization to Unauthenticated Settings Reset vulnerability
Missing Authorization to Unauthenticated Settings Reset vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Reuters Direct versions = 3.0.0...
CVE-2025-12579
The Reuters Direct plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'logoff' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to reset the plugin's settings...
CVE-2025-12578
The Reuters Direct plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the the 'class-reuters-direct-settings.php' page. This makes it possible for unauthenticated attackers to reset...
EUVD-2025-199787
The Reuters Direct plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'logoff' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to reset the plugin's settings...
CVE-2025-12579
The Reuters Direct plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'logoff' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to reset the plugin's settings...
CVE-2025-12578
The Reuters Direct plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the the 'class-reuters-direct-settings.php' page. This makes it possible for unauthenticated attackers to reset...
CVE-2025-12579 Reuters Direct <= 3.0.0 - Missing Authorization to Unauthenticated Settings Reset
The Reuters Direct plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'logoff' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to reset the plugin's settings...
CVE-2025-12579 Reuters Direct <= 3.0.0 - Missing Authorization to Unauthenticated Settings Reset
The Reuters Direct plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'logoff' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to reset the plugin's settings...
CVE-2025-12579
CVE-2025-12579 affects the Reuters Direct WordPress plugin. The vulnerability is a missing capability check on the logoff action in all versions up to and including 3.0.0, enabling unauthenticated attackers to reset the plugin’s settings (unauthorized modification of data). Connected sources conf...
CVE-2025-12578
The Reuters Direct WordPress plugin (
CVE-2025-12578 Reuters Direct <= 3.0.0 - Cross-Site Request Forgery to Settings Reset
The Reuters Direct plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the the 'class-reuters-direct-settings.php' page. This makes it possible for unauthenticated attackers to reset...