CVE-2025-5692

The Lead Form Data Collection to CRM plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the /includes/LBadminajax.php file in all versions up to, and including, 3.1. This makes it possible for authenticated attackers, with...

CVE-2018-5655

An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php security parameter...

Slimstat Analytics < 4.9.3.3 - Subscriber+ SQL Injection

The plugin does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query. While logged in as a subscriber, send the following request: await fetch'/wp-admin/admin-ajax.php',method:'POST', headers: 'Content-Type':...

WP Edit Menu < 1.5.0 - Unauthenticated Arbitrary Post Deletion

The plugin does not have authorisation and CSRF in an AJAX action, which could allow unauthenticated attackers to delete arbitrary posts/pages from the blog https://example.com/wp-admin/admin-ajax.php?action=filtermenu&val=post-id...

CVE-2017-18634

The newspaper theme before 6.7.2 for WordPress has script injection via tdadsheader to admin-ajax.php...

AST-2009-009: Cross-site AJAX request vulnerability

Asterisk Project Security Advisory - AST-2009-009 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | Cross-site AJAX request vulnerability |...