WordPress Frontend Dashboard plugin 1.5.10 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via ajax_request Function vulnerability

WordPress Frontend Dashboard plugin 1.5.10 - 2.2.7 - Missing Authorization to Authenticated Subscriber+ Account Takeover/Privilege Escalation via ajaxrequest Function vulnerability discovered by kr0d in WordPress Plugin Frontend Dashboard versions 1.5.10-2.2.7...

CVE-2025-6755 Game Users Share Buttons <= 1.3.0 - Authenticated (Subscriber+) Arbitrary File Deletion via themeNameId Parameter

The Game Users Share Buttons plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajaxDeleteTheme function in all versions up to, and including, 1.3.0. This makes it possible for Subscriber-level attackers to add arbitrary file paths such a...

CVE-2024-57076

A prototype pollution in the lib.post function of ajax-request v1.2.3 allows attackers to cause a Denial of Service DoS via supplying a crafted payload...

CVE-2020-17496

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759...