47 matches found
CVE-2026-7654 Admin Columns <= 7.0.18 - Authenticated (Contributor+) PHP Object Injection to Remote Code Execution via Custom Field Meta Value
The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of unserialize without an allowedclasses restriction in the IdsToCollection::getidsfromstring function, which processes...
EUVD-2021-11278
Malware in sbrugna...
EUVD-2021-11279
Malware in sbrugna...
EUVD-2025-10842
Malicious code in bioql PyPI...
CVE-2021-24366
The Admin Columns WordPress plugin before 4.3 and Admin Columns Pro WordPress plugin before 5.5.1 do not sanitise and escape its Label settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowe...
CVE-2025-3418
The WPC Admin Columns plugin for WordPress is vulnerable to privilege escalation in versions 2.0.6 to 2.1.0. This is due to the plugin not properly restricting user meta values that can be updated through the ajaxeditsave function. This makes it possible for authenticated attackers, with...
CVE-2025-3418 WPC Admin Columns 2.0.6 - 2.1.0 - Authenticated (Subscriber+) Privilege Escalation via User Meta Update
The WPC Admin Columns plugin for WordPress is vulnerable to privilege escalation in versions 2.0.6 to 2.1.0. This is due to the plugin not properly restricting user meta values that can be updated through the ajaxeditsave function. This makes it possible for authenticated attackers, with...
CVE-2025-3418
CVE-2025-3418 affects WPC Admin Columns for WordPress. The issue is a privilege-escalation via the ajax_edit_save path: authenticated users with Subscriber+ can update their user meta to elevate to administrator, due to insufficient access control on that update. Root cause: missing/weak authoriz...
CVE-2025-3418 WPC Admin Columns 2.0.6 - 2.1.0 - Authenticated (Subscriber+) Privilege Escalation via User Meta Update
The WPC Admin Columns plugin for WordPress is vulnerable to privilege escalation in versions 2.0.6 to 2.1.0. This is due to the plugin not properly restricting user meta values that can be updated through the ajaxeditsave function. This makes it possible for authenticated attackers, with...
WordPress plugin WPC Admin Columns 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...
PT-2025-16169 · WordPress · Wpc Admin Columns
Name of the Vulnerable Software and Affected Versions: WPC Admin Columns plugin for WordPress versions 2.0.6 through 2.1.0 Description: The issue is related to privilege escalation due to the plugin not properly restricting user meta values that can be updated through the ajax edit save function...
WordPress WPC Admin Columns plugin 2.0.6-2.1.0 - Authenticated (Subscriber+) Privilege Escalation via User Meta Update vulnerability
Authenticated Subscriber+ Privilege Escalation via User Meta Update vulnerability discovered by kr0d in WordPress Plugin WPC Admin Columns versions 2.0.6-2.1.0...
WP Adminify < 3.1.6 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Several fields in the plugin are...
WP Adminify < 3.1.6 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Several fields in the plugin are...
WordPress Admin Columns plugin < 4.3 XSS Vulnerability
The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
WordPress Admin Columns plugin < 4.3.2 XSS Vulnerability
The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
CVE-2021-24365
The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5.5.2 allowed to configure individual columns for tables. Each column had a type. The type "Custom Field" allowed to choose an arbitrary database column to display in the table. There was no escaping applied to the contents of...
CVE-2021-24365
The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5.5.2 allowed to configure individual columns for tables. Each column had a type. The type "Custom Field" allowed to choose an arbitrary database column to display in the table. There was no escaping applied to the contents of...
Design/Logic Flaw
The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5.5.2 allowed to configure individual columns for tables. Each column had a type. The type "Custom Field" allowed to choose an arbitrary database column to display in the table. There was no escaping applied to the contents of...
CVE-2021-24365
The CVE-2021-24365 entry concerns the Admin Columns WordPress plugin (Free < 4.3.2; Pro