WordPress WP Adminify plugin <= 4.0.7.7 - Unauthenticated Sensitive Information Exposure via 'get-addons-list' REST API vulnerability

Unauthenticated Sensitive Information Exposure via 'get-addons-list' REST API vulnerability discovered by ibrahimsql in WordPress Plugin WP Adminify versions = 4.0.7.7...

CVE-2026-1060 WP Adminify <= 4.0.7.7 - Unauthenticated Sensitive Information Exposure via 'get-addons-list' REST API

The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered with permissioncallback set to returntrue, allowing unauthenticated attacke...

CVE-2025-68592

Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through = 4.0.6.1...

EUVD-2025-205242

Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through = 4.0.6.1...

CVE-2025-68592

Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through = 4.0.6.1...

CVE-2025-68593

Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through = 4.0.6.1...

CVE-2025-68592

Technical details for CVE-2025-68592 are not publicly provided in the supplied documents. Please monitor for updates from official advisories.

PT-2025-53281

Name of the Vulnerable Software and Affected Versions WP Adminify versions through 4.0.6.1 Description The software contains a missing authorization issue that allows exploiting incorrectly configured access control security levels. Recommendations Update WP Adminify to a version later than 4.0.6...

CVE-2023-52132

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jewel Theme WP Adminify.This issue affects WP Adminify: from n/a through 3.1.6...

CVE-2023-52132

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jewel Theme WP Adminify.This issue affects WP Adminify: from n/a through 3.1.6...

CVE-2023-4060

The WP Adminify WordPress plugin before 3.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...