226 matches found
WordPress WooMulti plugin <= 1.7 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability
Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin WooMulti versions = 1.7...
CVE-2025-14364 Demo Importer Plus <= 2.0.8 - Missing Authorization to Authenticated (Subscriber+) Site Reset and Privilege Escalation
The Demo Importer Plus plugin for WordPress is vulnerable to unauthorized modification of data, loss of data, and privilege escalation due to a missing capability check on the Ajax::handlerequest function in all versions up to, and including, 2.0.8. This makes it possible for authenticated...
EUVD-2025-203229
The Postem Ipsum plugin for WordPress is vulnerable to unauthorized modification of data to Privilege Escalation due to a missing capability check on the postemipsumgenerateusers function in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with...
WordPress Restrict Elementor Widgets, Columns and Sections plugin <= 1.12 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by MD ISMAIL in WordPress Plugin Restrict Elementor Widgets, Columns and Sections versions = 1.12...
WordPress AnnunciFunebri Impresa plugin <= 4.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Options Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary plugin Options Deletion vulnerability discovered by Legion Hunter in WordPress Plugin AnnunciFunebri Impresa versions = 4.7.0...
WordPress Popup Builder plugin <= 1.1.37 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Settings Reset vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary plugin Settings Reset vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Popup Builder versions = 1.1.37...
WordPress Employee Spotlight – Team Member Showcase & Meet the Team Plugin plugin <= 5.1.3 - Missing Authorization to Authenticated (Subscriber+) Tracking Opt-In/Opt-Out Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Tracking Opt-In/Opt-Out Modification vulnerability discovered by Legion Hunter in WordPress Plugin Employee Spotlight versions = 5.1.3...
WordPress Flow-Flow Social Feed Stream plugin 3.0.0-4.7.5 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by kr0d in WordPress Plugin Flow-Flow Social Stream versions 3.0.0-4.7.5...
WordPress WP User Manager plugin <= 2.9.12 - Authenticated (Subscriber+) Arbitrary File Deletion via 'current_user_avatar' Parameter vulnerability
Authenticated Subscriber+ Arbitrary File Deletion via 'currentuseravatar' Parameter vulnerability discovered by YCInfosec in WordPress Plugin WP User Manager versions = 2.9.12...
WordPress Infility Global plugin <= 2.14.42 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin Infility Global versions = 2.14.42...
WordPress Blaze Demo Importer plugin 1.0.0-1.0.13 - Missing Authorization to Authenticated (Subscriber+) Database Reset and File Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Database Reset and File Deletion vulnerability discovered by kr0d in WordPress Plugin Blaze Demo Importer versions 1.0.0-1.0.13...
WordPress Simple Bike Rental plugin <= 1.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Booking Data Exposure vulnerability
Missing Authorization to Authenticated Subscriber+ Sensitive Booking Data Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Simple Bike Rental versions = 1.0.6...
WordPress PDF for Contact Form 7 + Drag and Drop Template Builder plugin <= 6.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Duplication vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Post Duplication vulnerability discovered by Legion Hunter in WordPress Plugin PDF for Contact Form 7 versions = 6.3.3...
WordPress Vimeo SimpleGallery plugin <= 0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Settings Modification vulnerability discovered by Legion Hunter in WordPress Plugin Vimeo SimpleGallery versions = 0.2...
WordPress Page View Count plugin <= 2.8.7 - Settings Change vulnerability
Settings Change vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Page View Count versions = 2.8.7...
WordPress Accessiy By CodeConfig Accessibility plugin <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Page Creation vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin CodeConfig Accessibility versions = 1.0.0...
WordPress Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin <= 3.6.1 - Missing Authorization to Authenticated (Subscriber+) OAuth Token Update vulnerability
Missing Authorization to Authenticated Subscriber+ OAuth Token Update vulnerability discovered by type5afe in WordPress Plugin Post SMTP versions = 3.6.1...
WordPress FluentCommunity plugin <= 2.0.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin FluentCommunity versions = 2.0.0...
PT-2025-47689
Name of the Vulnerable Software and Affected Versions Realty Portal plugin for WordPress versions 0.1 through 0.4.1 Description The Realty Portal plugin for WordPress is susceptible to unauthorized data modification, potentially leading to privilege escalation. A missing capability check within t...
WordPress Elastic Theme Editor plugin <= 0.0.3 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin Elastic Theme Editor versions = 0.0.3...