6 matches found
CVE-2026-2518
The FastX theme for WordPress is vulnerable to unauthorized limited plugin installation and activation due to missing capability checks on the 'ultpinstallcallback' and 'ultpactivatecallback' functions in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers...
CVE-2025-10849
CVE-2025-10849: Felan Framework WordPress plugin contains an unauthorized data modification vulnerability due to a missing capability check in process_plugin_actions (AJAX). Affected versions up to 1.1.4 allow unauthenticated attackers to activate/deactivate plugins. Wordfence lists the patch st...
CVE-2025-8606
The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 1.3.23. This is due to missing or incorrect nonce validation on the activateplugin and deactivateplugin functions. This makes it possible for attackers to tri...
EUVD-2019-11585
Malware in sbrugna...
PT-2024-38024 · WordPress +1 · Orchid Store +1
Name of the Vulnerable Software and Affected Versions: Orchid Store theme for WordPress versions up to, and including, 1.5.6
Description: The issue is related to a missing capability check on the orchid store activate plugin function, allowing authenticated attackers with Subscriber-level access...
PT-2023-11378 · WordPress · Funnel Builder
Name of the Vulnerable Software and Affected Versions: Funnel Builder plugin for WordPress versions up to, and including, 1.3.0
Description: The issue is related to authorization bypass due to a missing capability check on the activate plugin function. This allows authenticated attackers to...