CVE-2026-24388

Missing Authorization vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPMasterToolKit: from n/a through = 2.14.0...

CVE-2026-24388

Missing Authorization vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPMasterToolKit: from n/a through = 2.14.0...

CVE-2026-24388

CVE-2026-24388 is a Missing Authorization/Broken Access Control vulnerability in the WordPress plugin WPMasterToolKit (WPMTK) affecting versions up to and including 2.14.0. Multiple connected sources confirm the issue and classify the impact as partial confidentiality/integrity loss with no explo...

CVE-2026-24388 WordPress WPMasterToolKit plugin <= 2.14.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPMasterToolKit: from n/a through = 2.14.0...

CVE-2026-24388 WordPress WPMasterToolKit plugin <= 2.14.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPMasterToolKit: from n/a through = 2.14.0...

WordPress plugin WPMasterToolKit has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-4271

Missing Authorization vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPMasterToolKit: from n/a through = 2.14.0...

WordPress WPMasterToolKit plugin <= 2.14.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WPMasterToolKit versions = 2.14.0...

CVE-2025-14166

The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.13.0. This is due to the plugin allowing Author-level users to create and execute arbitrary PHP code through the Code Snippets feature without proper capability checks. This makes ...

WordPress WPMasterToolKit (WPMTK) plugin <= 2.13.0 - Authenticated (Author+) Code Injection vulnerability

Authenticated Author+ Code Injection vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin WPMasterToolKit versions = 2.13.0...

CVE-2025-14166

The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.13.0. This is due to the plugin allowing Author-level users to create and execute arbitrary PHP code through the Code Snippets feature without proper capability checks. This makes ...

CVE-2025-14166 WPMasterToolKit (WPMTK) <= 2.13.0 - Authenticated (Contributor+) Code Injection

The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.13.0. This is due to the plugin allowing Author-level users to create and execute arbitrary PHP code through the Code Snippets feature without proper capability checks. This makes ...

CVE-2025-14166

CVE-2025-14166 concerns the WordPress plugin WPMasterToolKit (WPMTK) up to version 2.13.0. The source documents confirm that an authenticated user with Contributor+ or Author+ roles can exploit Code Snippets via the plugin to inject PHP code on the server, enabling remote code execution and poten...

WordPress plugin WPMasterToolKit 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code...

PT-2025-50863

The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.13.0. This is due to the plugin allowing Author-level users to create and execute arbitrary PHP code through the Code Snippets feature without proper capability checks. This makes ...

EUVD-2024-53046

Malicious code in bioql PyPI...

EUVD-2025-12127

Malicious code in bioql PyPI...

CVE-2024-56248

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Path Traversal.This issue affects WPMasterToolKit: from n/a through = 1.13.1...

CVE-2025-3300

The WPMasterToolKit WPMTK – All in one plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to read and modify the contents of arbitrary files on...

CVE-2025-3300

The WPMasterToolKit WPMTK – All in one plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to read and modify the contents of arbitrary files on...