PT-2026-42057
The 診断ジェネレータ作成プラグイン Diagnosis Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing authorization checks and insufficient input sanitization in the themeFunc function. The function is hooke...
CVE-2026-2559 Post SMTP <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Office 365 OAuth Configuration Overwrite
The Post SMTP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handleoffice365oauthredirect function in all versions up to, and including, 3.8.0. This is due to the function being hooked to admin_init without any current_user_can check ...
PT-2026-26069
The Post SMTP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle office365 oauth redirect function in all versions up to, and including, 3.8.0. This is due to the function being hooked to admin_init without any current_user_can...
CVE-2025-14173
The Perfit WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. This is due to missing authorization checks on the logout function called via the actions function hooked to admin_init. This makes it possible for unauthenticated...
CVE-2015-9331
The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit...
PT-2025-7500
Name of the Vulnerable Software and Affected Versions: IP2Location Country Blocker versions up to, and including, 2.38.8. Description: The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information Exposure due to missing capability checks on the admin_init function. This...
CVE-2024-4468
The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber...
PT-2024-31208 · WordPress · Salon Booking System
Name of the Vulnerable Software and Affected Versions: The Salon booking system plugin for WordPress versions up to, and including, 9.9. Description: The issue allows unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init. This...
WordPress Plugin Enjoy Social Feed Security Vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2024-1108
The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_init function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to change the settings of the plugin, which can...
CVE-2023-0385
The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to missing or incorrect nonce validation on the custom404proadmininit function. This makes it possible for unauthenticated attackers to delete logs, via forged...
Timelock can be set by anyone except admin since it was not initialized
Lines of code / Vulnerability details. Impact: Timelock can be manipulated by anyone. Proof of Concept: The Timelock NounsDAOExecutor can be set by anyone, since the timelock did not call acceptAdmin on initialize, so it can be manipulated. Tools Used: Manual Review. Recommended Mitigation Steps: Adding...
VulnCheck KEV: CVE-2019-25141
The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admin_init function, in addition to insufficient input validation. This makes it possible for unauthenticated attackers to...