CVE-2025-49349 WordPress Reuters Direct plugin <= 3.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Reuters News Agency Reuters Direct reuters-direct allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reuters Direct: from n/a through = 3.0.0...

WordPress plugin Reuters Direct 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress Reuters Direct plugin <= 3.0.0 - Missing Authorization to Unauthenticated Settings Reset vulnerability

Missing Authorization to Unauthenticated Settings Reset vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Reuters Direct versions = 3.0.0...

CVE-2025-12578

The Reuters Direct plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the the 'class-reuters-direct-settings.php' page. This makes it possible for unauthenticated attackers to reset...

EUVD-2025-199787

The Reuters Direct plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'logoff' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to reset the plugin's settings...

CVE-2025-12579

The Reuters Direct plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'logoff' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to reset the plugin's settings...

CVE-2025-12579

CVE-2025-12579 affects the Reuters Direct WordPress plugin. The vulnerability is a missing capability check on the logoff action in all versions up to and including 3.0.0, enabling unauthenticated attackers to reset the plugin’s settings (unauthorized modification of data). Connected sources conf...

CVE-2025-12578

The Reuters Direct WordPress plugin (

CVE-2025-12578 Reuters Direct <= 3.0.0 - Cross-Site Request Forgery to Settings Reset

The Reuters Direct plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the the 'class-reuters-direct-settings.php' page. This makes it possible for unauthenticated attackers to reset...

WordPress plugin Reuters Direct 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

PT-2025-48217

The Reuters Direct plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'logoff' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to reset the plugin's settings...

WordPress Reuters Direct plugin <= 3.0.0 - Cross-Site Request Forgery to Settings Reset vulnerability

Cross-Site Request Forgery to Settings Reset vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Reuters Direct versions = 3.0.0...