42 matches found
WordPress WP Mail Gateway plugin <= 1.8 - Missing Authorization to Authenticated (Subscriber+) SMTP Configuration Modification vulnerability
Missing Authorization to Authenticated Subscriber+ SMTP Configuration Modification vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin WP Mail Gateway versions <= 1.8...
WordPress Gravity SMTP plugin <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Plugin Uninstall vulnerability
Missing Authorization to Authenticated Subscriber+ Plugin Uninstall vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Gravity SMTP versions <= 2.1.4...
CVE-2026-3098 Smart Slider 3 <= 3.5.1.33 - Authenticated (Subscriber+) Arbitrary File Read via actionExportAll
The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.5.1.33 via the 'actionExportAll' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on th...
CVE-2025-12448
Smartsupp – live chat, AI shopping assistant and chatbots for WordPress (plugin) is vulnerable up to version 3.9.1 to a Stored Cross-Site Scripting via the 'code' parameter due to insufficient input sanitization and output escaping. The vulnerability allows authenticated attackers with Subscriber...
WordPress OpenPix plugin <= 2.13.3 - Subscriber+ Payment Gateway Settings Reset vulnerability
Subscriber+ Payment Gateway Settings Reset vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan in WordPress Plugin OpenPix versions <= 2.13.3...
WordPress WP Customer Area plugin < 8.2.1 - Subscriber+ Account Address Update vulnerability
Subscriber+ Account Address Update vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin WP Customer Area versions < 8.2.1...
WordPress Dreamer Blog theme <= 1.2 - Subscriber+ Arbitrary Plugin Installation vulnerability
Subscriber+ Arbitrary Plugin Installation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Theme Dreamer Blog versions <= 1.2...
WordPress Construction Light theme < 1.6.8 - Subscriber+ Arbitrary Plugin Activation vulnerability
Subscriber+ Arbitrary Plugin Activation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Theme Construction Light versions < 1.6.8...
WordPress Ajax Load More plugin < 2.8.1.2 - Subscriber+ File Upload & Deletion vulnerability
Subscriber+ File Upload & Deletion vulnerability discovered by PizzaHatHacker in WordPress Plugin Ajax Load More versions < 2.8.1.2...
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.2.9 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'eh_crm_ticket_single_view_client' vulnerability
Authenticated Subscriber+ Insecure Direct Object Reference via 'eh_crm_ticket_single_view_client' vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions <= 3.2.9...
WordPress XStore theme <= 9.5.4 - Authenticated (Subscriber+) Local File Inclusion vulnerability
Authenticated Subscriber+ Local File Inclusion vulnerability discovered by khanhhnahk1 in WordPress Theme XStore versions <= 9.5.4...
WordPress Administrator Z plugin <= 2025.03.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by kr0d in WordPress Plugin Administrator Z versions <= 2025.03.24...
WordPress Zapier for WordPress plugin <= 1.5.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via updated_user Function vulnerability
Authenticated Subscriber+ Blind Server-Side Request Forgery via updated_user Function vulnerability discovered by shaman0x01 in WordPress Plugin Zapier for WordPress versions <= 1.5.1...
WordPress Industrial theme <= 1.7.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by Tonn in WordPress Theme Industrial versions <= 1.7.8...
WordPress WP Crowdfunding plugin <= 2.1.14 - Missing Authorization to Authenticated (Subscriber+) Post Content Download vulnerability
Missing Authorization to Authenticated Subscriber+ Post Content Download vulnerability discovered by Krzysztof Zając in WordPress Plugin WP Crowdfunding versions <= 2.1.14...
WordPress ECPay Ecommerce for WooCommerce plugin <= 1.1.2411060 - Missing Authorization to Authenticated (Subscriber+) Log Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Log Deletion vulnerability discovered by incognito in WordPress Plugin ECPay Ecommerce for WooCommerce versions <= 1.1.2411060...
WordPress PIXNET plugin <= 2.9.10 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin PIXNET versions <= 2.9.10...
WordPress Library Management System plugin <= 3.2.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Frissi0n in WordPress Plugin Library Management System versions <= 3.2.0...
WordPress ARForms plugin <= 6.4.1 - Subscriber+ Plugin Settings Change vulnerability
Subscriber+ Plugin Settings Change vulnerability discovered by Dave Jong Patchstack in WordPress Plugin ARForms versions <= 6.4.1...
WordPress ARForms plugin <= 6.4.1 - Subscriber+ Arbitrary File Read vulnerability
Subscriber+ Arbitrary File Read vulnerability discovered by Dave Jong Patchstack in WordPress Plugin ARForms versions <= 6.4.1...