5 matches found
CVE-2025-12348
CVE-2025-12348 is an issue in the Icegram Express Email Subscribers & Newsletters WordPress plugin. According to the connected Wordfence document, versions up to and including 5.9.10 are vulnerable to Missing Authorization in the run_action_scheduler_task function, allowing unauthenticated attack...
PT-2025-50244
Name of the Vulnerable Software and Affected Versions STVS ProVision version 5.9.10 Description The software contains a cross-site request forgery issue. This allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. An attacker can create new...
CVE-2024-43235
Missing Authorization vulnerability in MetaBox.Io Meta Box – WordPress Custom Fields Framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meta Box – WordPress Custom Fields Framework: from n/a through 5.9.10...
WordPress Event post plugin <= 5.9.10 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Francesco Carlucci in WordPress Plugin Event post versions = 5.9.10...
PT-2024-21408 · WordPress · Essential Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor plugin for WordPress versions up to, and including, 5.9.10 Description: The issue is related to Stored Cross-Site Scripting via the alignment parameter in the Woo Product Carousel widget. This is due to...