CVE-2025-13529

The Unify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'init' action in all versions up to, and including, 3.4.9. This makes it possible for unauthenticated attackers to delete specific plugin options via the 'unifyplugindowngrad...

CVE-2025-13529

The Unify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'init' action in all versions up to, and including, 3.4.9. This makes it possible for unauthenticated attackers to delete specific plugin options via the 'unifyplugindowngrad...

CVE-2025-13529 Unify <= 3.4.9 - Missing Authorization to Unauthenticated Option Deletion via 'unify_plugin_downgrade' Parameter

The Unify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'init' action in all versions up to, and including, 3.4.9. This makes it possible for unauthenticated attackers to delete specific plugin options via the 'unifyplugindowngrad...

CVE-2025-13529 Unify <= 3.4.9 - Missing Authorization to Unauthenticated Option Deletion via 'unify_plugin_downgrade' Parameter

The Unify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'init' action in all versions up to, and including, 3.4.9. This makes it possible for unauthenticated attackers to delete specific plugin options via the 'unifyplugindowngrad...

CVE-2025-13529

CVE-2025-13529 affects the Unify WordPress plugin (up to version 3.4.9), with an unauthorized data modification vulnerability caused by a missing capability check on the init action. Wordfence’s vulnerability report confirms the issue as Missing Authorization to Unauthenticated Option Deletion vi...

WordPress Unify plugin <= 3.4.9 - Missing Authorization to Unauthenticated Option Deletion via 'unify_plugin_downgrade' Parameter vulnerability

Missing Authorization to Unauthenticated Option Deletion via 'unifyplugindowngrade' Parameter vulnerability discovered by Legion Hunter in WordPress Plugin Unify versions = 3.4.9...

PT-2026-1595

Name of the Vulnerable Software and Affected Versions Unify plugin for WordPress versions up to and including 3.4.9 Description The Unify plugin for WordPress is susceptible to unauthorized data modification because of a missing capability check on the 'init' action. This allows unauthenticated...

WordPress plugin Unify 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

WordPress Unify plugin <= 3.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via unify_checkout Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via unifycheckout Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Unify versions = 3.4.7...

CVE-2025-9130

The Unify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin for WordPress's unifycheckout shortcode in all versions up to, and including, 3.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-9130 Unify <= 3.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via unify_checkout Shortcode

The Unify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin for WordPress's unifycheckout shortcode in all versions up to, and including, 3.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-9130 Unify <= 3.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via unify_checkout Shortcode

The Unify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin for WordPress's unifycheckout shortcode in all versions up to, and including, 3.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress plugin Unify 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

WordPress Unify plugin <= 3.2.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered in WordPress Unify plugin versions = 3.2.5. Solution Update the WordPress Unify plugin to the latest available version at least 3.3.0...

WordPress Unify plugin <= 3.2.5 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered in WordPress Unify plugin versions = 3.2.5. Solution Update the WordPress Unify plugin to the latest available version at least 3.3.0...