38 matches found
CVE-2025-4315
The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.23. This is due to the plugin allowing a user to update arbitrary user meta through the updateusermeta function. This makes it possible for...
CVE-2025-4315
Summary: CVE-2025-4315 affects the CubeWP – All-in-One Dynamic Content Framework plugin for WordPress. The vulnerability is an authenticated privilege-escalation flaw exploitable by users with Subscriber+ privileges to elevate to Administrator via improper handling of update_user_meta(), affectin...
PT-2025-25201 · WordPress · Cubewp
Name of the Vulnerable Software and Affected Versions: The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress version 1.1.23 and earlier Description: The issue is related to Privilege Escalation, allowing authenticated attackers with Subscriber-level access and above to elevate...
PT-2025-19929 · WordPress · Woocommerce Multiple Addresses
Name of the Vulnerable Software and Affected Versions: WooCommerce Multiple Addresses plugin for WordPress versions up to, and including, 1.0.7.1 Description: The issue is due to insufficient restrictions on user meta that can be updated through the save multiple shipping addresses function. This...
CVE-2025-3418 WPC Admin Columns 2.0.6 - 2.1.0 - Authenticated (Subscriber+) Privilege Escalation via User Meta Update
The WPC Admin Columns plugin for WordPress is vulnerable to privilege escalation in versions 2.0.6 to 2.1.0. This is due to the plugin not properly restricting user meta values that can be updated through the ajaxeditsave function. This makes it possible for authenticated attackers, with...
CVE-2025-2871 WordPress Mega Menu – QuadMenu <= 3.2.0 - Cross-Site Request Forgery to Limited User Meta Update
The WordPress Mega Menu – QuadMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the ajaxdismissnotice function. This makes it possible for unauthenticated attackers to update a...
CVE-2025-1653
The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.2.0. This is due to the stmlistingprofileedit AJAX action not having enough restriction on the user meta that can be updated. This makes it possibl...
CVE-2025-0180 WP Foodbakery <= 4.7 - Unauthenticated Privilege Escalation in foodbakery_registration_validation
The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated attackers to register on...
CVE-2024-9192
The WordPress Video Robot - The Ultimate Video Importer plugin for WordPress is vulnerable to privilege escalation due to insufficient validation on user meta that can be updated in the wpvrraterequestresult function in all versions up to, and including, 1.20.0. This makes it possible for...
CVE-2024-8253
The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not properly restricting what user meta values can be updated and ensuring a form is active. This makes it possible for authenticated attackers...
CVE-2024-9636 Post Grid and Gutenberg Blocks 2.2.85 - 2.3.3 - Unauthenticated Privilege Escalation
The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in versions 2.2.85 to 2.3.3. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated attackers to register...
CVE-2024-12172 WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses <= 3.2.21 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Update
The WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpcupdateusermetaoption function in all versions up to, and including, 3.2.21. This makes it...
PT-2024-17469 · WordPress · Wp Courses Lms
Name of the Vulnerable Software and Affected Versions: WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses plugin for WordPress versions up to, and including, 3.2.21 Description: The issue is related to unauthorized access due to a missing capability...
CVE-2024-9192
CVE-2024-9192 affects WordPress Video Robot - The Ultimate Video Importer plugin for WordPress (versions up to 1.20.0). The issue stems from insufficient validation of user meta that can be updated in wpvr_rate_request_result(), enabling authenticated attackers with subscriber-level access or hig...
CVE-2024-9192 WP Video Robot <= 1.20.0 - Authenticated (Subscriber+) Privilege Escalation via User Meta Update
The WordPress Video Robot - The Ultimate Video Importer plugin for WordPress is vulnerable to privilege escalation due to insufficient validation on user meta that can be updated in the wpvrraterequestresult function in all versions up to, and including, 1.20.0. This makes it possible for...
WordPress WP Video Robot plugin <= 1.20.0 - Authenticated (Subscriber+) Privilege Escalation via User Meta Update vulnerability
Authenticated Subscriber+ Privilege Escalation via User Meta Update vulnerability discovered by Tonn in WordPress Plugin WordPress Video Robot - The Ultimate Video Importer versions = 1.20.0...
CVE-2024-6698
The FundEngine plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying user meta updated through the updateusermeta function. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2023-2438
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userprosaveuserdata' function. This makes it possible for unauthenticated attackers to update the user meta and inject...