226 matches found
WordPress ilGhera Support System for WooCommerce plugin <= 1.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Ticket Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Ticket Deletion vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Woocommerce Support System versions = 1.2.6...
WordPress VidMov theme <= 2.3.8 - Path Traversal vulnerability
Software : VidMov Type : Theme Vulnerable versions : = 2.3.8 Fixed in : 2.3.9 OWASP Top 10 : A1: Broken Access Control Classification : Path Traversal CVE ID : CVE-2025-67914 Patchstack priority : High CVSS severity : 7.7 Required privilege : Subscriber Developer : Claim ownership PSID :...
WordPress Worker for Elementor plugin <= 1.0.10 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Worker for Elementor versions = 1.0.10...
WordPress Worker for WPBakery plugin <= 1.1.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Worker for WPBakery versions = 1.1.1...
WordPress Criptopayer for Elementor plugin <= 1.0.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Criptopayer for Elementor versions = 1.0.1...
WordPress Countdowner for Elementor plugin <= 1.0.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Countdowner for Elementor versions = 1.0.4...
WordPress Questionar for Elementor plugin <= 1.1.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Questionar for Elementor versions = 1.1.7...
WordPress WP Custom Admin Interface plugin <= 7.40 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin WP Custom Admin Interface versions = 7.40...
WordPress Order Cancellation & Returns for WooCommerce plugin <= 1.1.10 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by powpy in WordPress Plugin Order Cancellation & Returns for WooCommerce versions = 1.1.11...
WordPress Hide Plugins plugin <= 1.0.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Hide Plugins versions = 1.0.4...
WordPress Vireo theme <= 1.0.24 - Broken Access Control vulnerability
Software : Vireo Type : Theme Vulnerable versions : = 1.0.24 OWASP Top 10 : A1: Broken Access Control Classification : Broken Access Control CVE ID : CVE-2025-62751 Patchstack priority : Low CVSS severity : 4.3 Required privilege : Subscriber Developer : Claim ownership PSID : 110abd56a0bb Credit...
WordPress History Timeline plugin <= 1.0.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin History Timeline versions = 1.0.6...
WordPress Add Custom Codes plugin <= 4.80 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Add Custom Codes versions = 4.80...
WordPress Serial Codes Generator and Validator with WooCommerce Support plugin <= 2.8.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin Serial Codes Generator and Validator with WooCommerce Support versions = 2.8.2...
WordPress Plugin Organizer plugin < 10.2.4 - Subscriber+ SQLi vulnerability
Subscriber+ SQLi vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin Plugin Organizer versions 10.2.4...
WordPress HR Management Lite plugin <= 3.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin HR Management Lite versions = 3.6...
WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.15 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.15...
WordPress Event Organiser plugin <= 3.12.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin Event Organiser versions = 3.12.8...
WordPress Plugin Optimizer plugin <= 1.3.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Plugin Optimizer versions = 1.3.7...
WordPress Beaver Builder – WordPress Page Builder plugin <= 2.9.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Post Update vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Beaver Builder versions = 2.9.4.1...