48 matches found
ShortCode Addons - Unauthenticated Options Update
WordPress plugin Shortcode Addons = 3.0.2 contains an unauthenticated arbitrary option update caused by insufficient access controls in the plugin, letting attackers modify options without authentication. id: CVE-2022-34487 info: name: ShortCode Addons - Unauthenticated Options Update author:...
CVE-2026-0845
The CVE affects the WordPress ecosystem: WCFM – Frontend Manager for WooCommerce with the Bookings Subscription Listings Compatible plugin for WordPress. It has a missing capability check in WCFM_Settings_Controller::processing across all versions up to and including 6.7.24, allowing authenticate...
CVE-2025-47601 WordPress MaxiBlocks plugin <= 2.1.0 - Arbitrary Option Update to Privilege Escalation vulnerability
Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks maxi-blocks allows Privilege Escalation. This issue affects MaxiBlocks: from n/a through <= 2.1.0...
CVE-2025-47601
CVE-2025-47601 concerns the WordPress MaxiBlocks plugin. Affected software: MaxiBlocks versions up to 2.1.0 (listed as n/a through 2.1.0). Root cause: Missing authorization enables privilege escalation. CVSSv3.1 base score 8.8 (High); attack vector Network, authentication required Low, user inter...
CVE-2025-2907 Order Delivery Date Pro for WooCommerce < 12.3.1 - Unauthenticated Arbitrary Option Update
The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore it also lacks proper checks to only update options relevant to the Order Delivery Date WordPress plugin before 12.3.1. This leads to attackers being able to modi...
CVE-2025-39533 WordPress Starfish Review Generation & Marketing plugin <= 3.1.19 - Privilege Escalation vulnerability
Missing Authorization vulnerability in Starfish Reviews Starfish Review Generation & Marketing starfish-reviews allows Privilege Escalation. This issue affects Starfish Review Generation & Marketing: from n/a through <= 3.1.19...
WordPress WPC Smart Upsell Funnel for WooCommerce plugin <= 3.0.4 - Arbitrary Option Update to Privilege Escalation vulnerability
Arbitrary Option Update to Privilege Escalation vulnerability discovered by LVT-tholv2k in WordPress Plugin WPC Smart Upsell Funnel for WooCommerce versions <= 3.0.4...
WordPress Residential Address Detection Plugin <= 2.5.4 - Arbitrary Option Update to Privilege Escalation vulnerability
Arbitrary Option Update to Privilege Escalation vulnerability discovered by LVT-tholv2k in WordPress Plugin Residential Address Detection versions <= 2.5.4...
WordPress Buzz Club Theme plugin <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Option Update vulnerability
Missing Authorization to Authenticated Subscriber+ Limited Arbitrary Option Update vulnerability discovered by Lucio Sá in WordPress Theme Buzz Club versions <= 2.0.4...
WordPress WPLMS plugin <= 1.9.9 - Arbitrary Option Update to Privilege Escalation vulnerability
Arbitrary Option Update to Privilege Escalation vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WPLMS versions <= 1.9.9...
WordPress Minterpress plugin <= 1.0.5 - Arbitrary Option Update to Privilege Escalation vulnerability
Arbitrary Option Update to Privilege Escalation vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Minterpress versions <= 1.0.5...
WordPress Quietly Insights plugin <= 1.2.2 - Arbitrary Option Update to Privilege Escalation vulnerability
Arbitrary Option Update to Privilege Escalation vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Quietly Insights versions <= 1.2.2...
WordPress Eyewear prescription form plugin <= 4.0.18 - Arbitrary Option Update to Privilege Escalation vulnerability
Arbitrary Option Update to Privilege Escalation vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Eyewear prescription form versions <= 4.0.18...
PT-2024-16909 · WordPress · Ai Quiz | Quiz Maker
Name of the Vulnerable Software and Affected Versions: AI Quiz | Quiz Maker plugin for WordPress versions up to, and including, 1.1 Description: The issue allows unauthorized modification of data, leading to privilege escalation due to a missing capability check on the ai quiz update style...
WordPress Booking & Appointment Plugin for WooCommerce plugin <= 6.9.0 - Authenticated (Subscriber+) Arbitrary Option Update vulnerability
Authenticated Subscriber+ Arbitrary Option Update vulnerability discovered by István Márton in WordPress Plugin Booking & Appointment Plugin for WooCommerce versions <= 6.9.0...
CVE-2024-52382 WordPress Matix Popup Builder plugin <= 1.0.0 - Arbitrary Option Update to Privilege Escalation vulnerability
Missing Authorization vulnerability in medmatech Matix Popup Builder medma-matix allows Privilege Escalation. This issue affects Matix Popup Builder: from n/a through <= 1.0.0...
WordPress Matix Popup Builder plugin <= 1.0.0 - Arbitrary Option Update to Privilege Escalation vulnerability
Arbitrary Option Update to Privilege Escalation vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Matix Popup Builder versions <= 1.0.0...
CVE-2024-50476 WordPress GRÜN spendino Spendenformular plugin <= 1.0.1 - Arbitrary Option Update to Privilege Escalation vulnerability
Missing Authorization vulnerability in GRÜN Software Group GmbH GRÜN spendino Spendenformular spendino allows Privilege Escalation. This issue affects GRÜN spendino Spendenformular: from n/a through <= 1.0.1...
CVE-2024-50490 WordPress PegaPoll plugin <= 1.0.2 - Arbitrary Option Update to Privilege Escalation vulnerability
Missing Authorization vulnerability in lowcage PegaPoll pegapoll allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects PegaPoll: from n/a through <= 1.0.2...