CVE-2026-2294 UiPress lite | Effortless custom dashboards, admin themes and pages <= 3.5.09 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update
The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'uipsaveglobalsettings' function in all versions up to, and including, 3.5.09. This makes it possible for...
PT-2025-51071
Name of the Vulnerable Software and Affected Versions: Postem Ipsum versions up to and including 3.0.1 Description: The Postem Ipsum plugin for WordPress has a flaw that allows unauthorized modification of data, leading to privilege escalation. Attackers with Subscriber-level access or higher can...
EUVD-2019-4111
Malware in sbrugna...
PT-2025-36578
Name of the Vulnerable Software and Affected Versions: AutomatorWP – Automator plugin for WordPress versions prior to 5.3.7 Description: The AutomatorWP – Automator plugin for WordPress is susceptible to unauthorized data modification due to a missing capability check on the automatorwp ajax impo...
CVE-2023-5438
The wp image slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2019-12516
The slickquiz plugin through 1.3.7.1 for WordPress allows SQL Injection by Subscriber users, as demonstrated by a /wp-admin/admin.php?page=slickquiz-scores= or /wp-admin/admin.php?page=slickquiz-edit= or /wp-admin/admin.php?page=slickquiz-preview= URI...
WordPress ALL In One Custom Login Page plugin <= 7.1.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability
Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability discovered by Lucio Sá in WordPress Plugin Login Page Styler versions <= 7.1.1...
WordPress Customer Reviews for WooCommerce plugin <= 5.61.0 - Missing Authorization to Authenticated (Subscriber+) Import Cancellation vulnerability
Missing Authorization to Authenticated (Subscriber+) Import Cancellation vulnerability discovered by incognito in WordPress Plugin Customer Reviews for WooCommerce versions <= 5.61.0...
Simple Blog Card < 1.32 - Subscriber+ Arbitrary Post Access
Description: The plugin does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated user, such as a subscriber, to retrieve arbitrary post titles and their content, including draft, private and password-protected ones. PoC: Run the below command in the developer...
CVE-2023-0875
The WP Meta SEO WordPress plugin before 4.5.3 does not properly sanitize and escape inputs into SQL queries, leading to a blind SQL Injection vulnerability that can be exploited by subscriber+ users...
PT-2022-25232 · WordPress · Wp-Polls
Name of the Vulnerable Software and Affected Versions: WP-Polls plugin versions prior to 2.76.1 Description: A race condition issue exists in the WP-Polls plugin, affecting users with subscriber or higher permissions. This issue can be exploited due to improper synchronization, potentially leadin...
YaySMTP < 2.2.1 - Subscriber+ SMTP Credentials Leak
The plugin does not have a capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated user, such as a subscriber, to retrieve them. PoC: Install the plugin and configure any mailer other than Default. Access the wp-admin area with a Subscriber+ use...
CVE-2022-23981
The vulnerability allows Subscriber+ level users to create brands in WordPress Perfect Brands for WooCommerce plugin versions = 2.0.4...
CVE-2021-24780
The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and give access to the export feature to any role such as subscriber. Subscriber users would then be able...
Slick Popup <= 1.7.1 - Privilege Escalation
Subscriber users are able to create an administrator account with hardcoded login credentials. PoC Hardcoded username "slickpopupteam" and its password is OmakPass13...