CVE-2026-5293 診断ジェネレータ作成プラグイン <= 1.4.16 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'js' Parameter

The 診断ジェネレータ作成プラグイン Diagnosis Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing authorization checks and insufficient input sanitization in the themeFunc function. The function is hooke...

WordPress plugin HM Books Gallery 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVE-2024-4468

The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admininit in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber...

CVE-2025-1361

The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information Exposure in all versions up to, and including, 2.38.8 due to missing capability checks on the admininit function. This makes it possible for unauthenticated attackers to view the plugin's settings...

CVE-2024-4468

The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admininit in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber...

CVE-2024-4468

CVE-2024-4468 concerns the Salon Booking System plugin for WordPress. The issue arises from a missing capability check on functions hooked into admin_init, allowing authenticated users with subscriber access or higher to modify plugin settings and view discount codes intended for other users. Aff...

CVE-2024-4468 Salon booking system <= 9.9 - Missing Authorization

The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admininit in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber...

WordPress plugin Salon booking system security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in the WordPre...

BEAR <= 1.1.4.1 & WOLF <= 1.0.8.1 - Cross-Site Request Forgery to Notice Dismissal

Description Multiple plugins and/or themes for WordPress are vulnerable to Cross-Site Request Forgery in various versions. This is due to missing or incorrect nonce validation on the admininit hook. This makes it possible for unauthenticated attackers to dismiss notices via a forged request grant...

CVE-2024-1093 Change Memory Limit <= 1.0 - Missing Authorization via admin_logic()

The Change Memory Limit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the adminlogic function hooked via admininit in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update the memory...

WordPress Plugin Change Memory Limit Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

Change Memory Limit <= 1.0 - Missing Authorization via admin_logic()

Description The Change Memory Limit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the adminlogic function hooked via admininit in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update t...

CVE-2024-1108

The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admininit function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to change the settings of the plugin, which can...

Design/Logic Flaw

The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admininit function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to change the settings of the plugin, which can...

CVE-2024-1108

CVE-2024-1108 affects the WordPress plugin Plugin Groups. Root cause: missing capability check in admin_init() for versions up to and including 2.0.6. Impact per sources: unauthenticated attackers can modify plugin settings and misconfiguration may cause denial of service. Exploitation status is ...

avalex – Automatisch sichere Rechtstexte < 3.0.9 - Missing Authorization

Description The plugin is vulnerable to unauthorized modifcation of data due to a missing capability check on the saveApiKey function hooked via admininit in all versions up to, and including, 3.0.8. This makes it possible for unauthenticated attackers to modify the API key for the plugin...

CVE-2023-6529

The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admininit, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities...

Cross site request forgery (csrf)

The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admininit, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities...

CVE-2023-6600

The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the updatesettings function hooked via admininit in all versions up to, and including, 5.7.9. Th...

CVE-2023-6600

CVE-2023-6600 affects the OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. WordPress plugin (versions up to 5.7.9). The vulnerability stems from a missing capability check in update_settings() hooked via admin_init, enabling unauthenticated modification of the plugin’s settings, which can ...