2 matches found
CVE-2026-12133
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Group Deletion in versions up to, and including, 5.7.8. This is due to a missing capability check in the joomsportseasongroupdel AJAX handler, which only...
URL Shortify < 1.5.1 - Arbitrary Link/Group Deletion via CSRF
The plugin does not have CSRF check in place when bulk-deleting links or groups, which could allow attackers to make a logged in admin delete arbitrary link and group via a CSRF attack. PoC https://example.com/wp-admin/admin.php?page=uslinks=bulkdeleteids=1...