ShortCode Addons - Unauthenticated Options Update

WordPress plugin Shortcode Addons = 3.0.2 contains an unauthenticated arbitrary option update caused by insufficient access controls in the plugin, letting attackers modify options without authentication. id: CVE-2022-34487 info: name: ShortCode Addons - Unauthenticated Options Update author:...

CVE-2025-47601

CVE-2025-47601 concerns the WordPress MaxiBlocks plugin. Affected software: MaxiBlocks versions up to 2.1.0 (listed as n/a through 2.1.0). Root cause: Missing authorization enables privilege escalation. CVSSv3.1 base score 8.8 (High); attack vector Network, authentication required Low, user inter...

CVE-2025-47601 WordPress MaxiBlocks plugin <= 2.1.0 - Arbitrary Option Update to Privilege Escalation vulnerability

Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks maxi-blocks allows Privilege Escalation.This issue affects MaxiBlocks: from n/a through = 2.1.0...

CVE-2025-2907 Order Delivery Date Pro for WooCommerce < 12.3.1 - Unauthenticated Arbitrary Option Update

The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore it also lacks proper checks to only update options relevant to the Order Delivery Date WordPress plugin before 12.3.1. This leads to attackers being able to modi...

CVE-2025-39533 WordPress Starfish Review Generation & Marketing plugin <= 3.1.19 - Privilege Escalation vulnerability

Missing Authorization vulnerability in Starfish Reviews Starfish Review Generation & Marketing starfish-reviews allows Privilege Escalation.This issue affects Starfish Review Generation & Marketing: from n/a through = 3.1.19...

WordPress WPC Smart Upsell Funnel for WooCommerce plugin <= 3.0.4 - Arbitrary Option Update to Privilege Escalation vulnerability

Arbitrary Option Update to Privilege Escalation vulnerability discovered by LVT-tholv2k in WordPress Plugin WPC Smart Upsell Funnel for WooCommerce versions = 3.0.4...

WordPress Residential Address Detection Plugin <= 2.5.4 - Arbitrary Option Update to Privilege Escalation vulnerability

Arbitrary Option Update to Privilege Escalation vulnerability discovered by LVT-tholv2k in WordPress Plugin Residential Address Detection versions = 2.5.4...

WordPress Buzz Club Theme plugin <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Option Update vulnerability

Missing Authorization to Authenticated Subscriber+ Limited Arbitrary Option Update vulnerability discovered by Lucio Sá in WordPress Theme Buzz Club versions = 2.0.4...

WordPress Minterpress plugin <= 1.0.5 - Arbitrary Option Update to Privilege Escalation vulnerability

Arbitrary Option Update to Privilege Escalation vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Minterpress versions = 1.0.5...

WordPress Booking & Appointment Plugin for WooCommerce plugin <= 6.9.0 - Authenticated (Subscriber+) Arbitrary Option Update vulnerability

Authenticated Subscriber+ Arbitrary Option Update vulnerability discovered by István Márton in WordPress Plugin Booking & Appointment Plugin for WooCommerce versions = 6.9.0...

CVE-2024-52382 WordPress Matix Popup Builder plugin <= 1.0.0 - Arbitrary Option Update to Privilege Escalation vulnerability

Missing Authorization vulnerability in medmatech Matix Popup Builder medma-matix allows Privilege Escalation.This issue affects Matix Popup Builder: from n/a through = 1.0.0...

CVE-2024-50476 WordPress GRÜN spendino Spendenformular plugin <= 1.0.1 - Arbitrary Option Update to Privilege Escalation vulnerability

Missing Authorization vulnerability in GRÜN Software Group GmbH GRÜN spendino Spendenformular spendino allows Privilege Escalation.This issue affects GRÜN spendino Spendenformular: from n/a through = 1.0.1...

CVE-2024-50490 WordPress PegaPoll plugin <= 1.0.2 - Arbitrary Option Update to Privilege Escalation vulnerability

Missing Authorization vulnerability in lowcage PegaPoll pegapoll allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects PegaPoll: from n/a through = 1.0.2...

WordPress PegaPoll plugin <= 1.0.2 - Arbitrary Option Update to Privilege Escalation vulnerability

Arbitrary Option Update to Privilege Escalation vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin PegaPoll versions = 1.0.2...

CVE-2024-33564 WordPress XStore theme <= 9.3.8 - Arbitrary Option Update vulnerability

Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8...

CVE-2024-33564 WordPress XStore theme <= 9.3.8 - Arbitrary Option Update vulnerability

Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8...

WordPress EAN for WooCommerce plugin <= 4.8.9 - Arbitrary Option Update to Privilege Escalation vulnerability

Arbitrary Option Update to Privilege Escalation vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin EAN for WooCommerce versions = 4.8.9...

WordPress XStore theme <= 9.3.8 - Arbitrary Option Update vulnerability

Arbitrary Option Update vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme XStore versions = 9.3.8...

CVE-2023-6048 Estatik Real Estate Plugin < 4.1.1 - Subscriber+ Arbitrary Option Update

The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not prevent user with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are reset...

Estatik Real Estate Plugin < 4.1.1 - Subscriber+ Arbitrary Option Update

Description The plugin does not prevent user with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are reset Run the below command in the developer console of the web browser while...