998 matches found
CVE-2025-15157 Starfish Review Generation & Marketing for WordPress <= 3.1.19 - Authenticated (Subscriber+) Arbitrary Options Update via srm_restore_options_defaults
The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srmrestoreoptionsdefaults' function in all versions up to, and including, 3.1.19. This...
CVE-2026-1786 Twitter posts to Blog <= 1.11.25 - Missing Authorization to Unauthenticated Plugin Settings Update
The Twitter posts to Blog plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dgtwoptions' function in all versions up to, and including, 1.11.25. This makes it possible for unauthenticated attackers to update plugin settings including...
CVE-2026-0845 WCFM - WooCommerce Frontend Manager <= 6.7.24 - Authenticated (Shop Manager+) Arbitrary Options Update
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'WCFMSettingsController::processing' function in...
CVE-2025-15476
The The Bucketlister plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bucketlisterdoadminajax function in all versions up to, and including, 0.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and...
EUVD-2025-206893
The The Bucketlister plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bucketlisterdoadminajax function in all versions up to, and including, 0.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2026-0593
The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction function in all versions up to, and including, 10.0.04. This makes it possible for authenticated attackers, with...
CVE-2026-1103
The AIKTP plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the /aiktp/getToken REST API endpoint in all versions up to, and including, 5.0.04. The endpoint uses the 'verifyuserloggedin' as a permission callback, which only checks if a...
CVE-2026-1103 AIKTP <= 5.0.04 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions
The AIKTP plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the /aiktp/getToken REST API endpoint in all versions up to, and including, 5.0.04. The endpoint uses the 'verifyuserloggedin' as a permission callback, which only checks if a...
WordPress plugin All-in-One Video Gallery has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-4587
The AIKTP plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the /aiktp/getToken REST API endpoint in all versions up to, and including, 5.0.04. The endpoint uses the 'verify user logged in' as a permission callback, which only checks if...
WordPress plugin WP Go Maps has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-70985
Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data outside of their scope...
CVE-2025-70985
Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data outside of their scope...
CVE-2025-15347
The Creator LMS – The LMS for Creators, Coaches, and Trainers plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check in the getitemspermissionscheck function in all versions up to, and including, 1.1.12. This...
EUVD-2026-3532
Vulnerability in the Oracle Life Sciences Central Coding product of Oracle Health Sciences Applications component: Platform. The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life...
EUVD-2026-3579
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Filesystems. The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes ...
EUVD-2026-3587
Vulnerability in the Oracle Planning and Budgeting Cloud Service product of Oracle Hyperion component: EPM Agent. The supported version that is affected is 25.04.07. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Planning and Budgeti...
CVE-2026-21930
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Filesystems. The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes ...
CVE-2026-21924
Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications component: General. Supported versions that are affected are 4.4.0.3.0, 4.5.0.0.0, 4.5.0.1.1, 4.5.0.1.3, 4.5.0.2.0, 25.4 and 25.10. Easily exploitable vulnerability allows low privileged attacker...
CVE-2026-21924
Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications component: General. Supported versions that are affected are 4.4.0.3.0, 4.5.0.0.0, 4.5.0.1.1, 4.5.0.1.3, 4.5.0.2.0, 25.4 and 25.10. Easily exploitable vulnerability allows low privileged attacker...