9 matches found
CVE-2026-6451
CVE-2026-6451 affects the WordPress plugin “cms-fuer-motorrad-werkstaetten” (versions
EUVD-2025-203951
AVideo versions prior to 20.0 with the ImageGallery plugin enabled are vulnerable to unauthenticated file upload and deletion. Plugin endpoints responsible for managing gallery images fail to enforce authentication checks and do not validate ownership, allowing unauthenticated attackers to upload ...
AVideo Access Control Error Vulnerability
AVideo is an open source broadcast network creation tool from World Wide Broadcast Network. An access control error vulnerability exists in AVideo versions prior to 20.0 that stems from a lack of authentication and ownership verification in the ImageGallery plugin endpoint, which could lead to...
CVE-2025-13987
The Purchase and Expense Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing nonce validation on the 'suppthandledeletion' function. This makes it possible for unauthenticated attackers to delete arbitrary...
CVE-2025-11996 Find Unused Images <= 1.0.7 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion
The Find Unused Images plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the fuideleteimage and fuideleteallimages functions in all versions up to, and including, 1.0.7. This makes it possible for unauthenticated attackers to delete all of a site...
CVE-2025-11154
The IDonate WordPress plugin before 2.1.13 does not have authorisation and CSRF checks when deleting users via an action handler, allowing unauthenticated attackers to delete arbitrary users...
WordPress plugin WordPress GDPR Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin...
PT-2024-38424 · WordPress · Favicon Generator
Name of the Vulnerable Software and Affected Versions: Favicon Generator plugin for WordPress versions up to, and including, 1.5 Description: The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the output sub admin...
PT-2023-27345 · WordPress · Radio Player
Name of the Vulnerable Software and Affected Versions: Radio Player plugin for WordPress versions up to, and including, 2.0.73 Description: The issue is related to a missing capability check on the delete player function, allowing unauthenticated attackers to modify data by deleting player...