9 matches found
CVE-2026-6393
The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.3.11. This is due to a missing capability check in the generateopenaicontentcallback function, which relies solely on a nonce rather than verifying user permissions. This makes it possible...
CVE-2026-6393 BetterDocs <= 4.3.11 - Missing Authorization to Authenticated (Subscriber+) Unauthorized AI API Usage
The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.3.11. This is due to a missing capability check in the generateopenaicontentcallback function, which relies solely on a nonce rather than verifying user permissions. This makes it possible...
PT-2026-34851
The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.3.11. This is due to a missing capability check in the generate openai content callback function, which relies solely on a nonce rather than verifying user permissions. This makes it...
EUVD-2024-32527
Malicious code in bioql PyPI...
CVE-2024-3961
The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tagsubscriber function in all versions up to, and including, 2.4.9. This makes it possible for...
CVE-2024-3961
The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tagsubscriber function in all versions up to, and including, 2.4.9. This makes it possible for...
CVE-2024-3961 ConvertKit <= 2.4.9 - Missing Authorization
The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tagsubscriber function in all versions up to, and including, 2.4.9. This makes it possible for...
CVE-2024-3961 ConvertKit <= 2.4.9 - Missing Authorization
The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tagsubscriber function in all versions up to, and including, 2.4.9. This makes it possible for...
CVE-2024-3961
CVE-2024-3961 affects the ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages WordPress plugin up to version 2.4.9. The vulnerability arises from a missing capability check in the tag_subscriber function, enabling unauthenticated attackers to subscribe users to tags, pot...