CVE-2025-14976 User Registration & Membership <= 4.4.8 - Cross-Site Request Forgery to Arbitrary Post Deletion

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.8. This is due to missing or incorrect nonce...

EUVD-2020-16799

Malware in sbrugna...

CVE-2024-31288 WordPress RapidLoad plugin <= 2.2.11 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize.This issue affects RapidLoad Power-Up for Autoptimize: from n/a through 2.2.11...

Forminator < 1.24.1 - Unauthenticated Race Condition on poll vote

The plugin does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll. PoC 1. Create a poll and publish a page with a poll. 2. Visit the page with the...

Forminator < 1.24.1 - Unauthenticated Race Condition on poll vote

The plugin does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll. 1. Create a poll and publish a page with a poll. 2. Visit the page with the poll. ...

WordPress Yerlte Security Scanner

Yerlte is a vulnerability scanning product. Remote attackers can use Yerlte to detect vulnerabilities on a target WordPress server...