276 matches found
PT-2026-5057
The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...
WordPress plugin User Activity Log security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress Creator LMS - The LMS for Creators, Coaches, and Trainers plugin <= 1.1.12 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update vulnerability
WordPress Creator LMS - The LMS for Creators, Coaches, and Trainers plugin = 1.1.12 - Missing Authorization to Authenticated Contributor+ Arbitrary Options Update vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin Creator LMS versions = 1.1.12...
CVE-2025-15347
The Creator LMS WordPress plugin (
WordPress plugin Creator LMS has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...
PT-2026-2310
Name of the Vulnerable Software and Affected Versions hermes versions 0.8.1 through 0.9.0 Description hermes, a software publication automation workflow, exhibits a flaw where subcommands accept arbitrary options through the -O argument. Providing sensitive data, such as API tokens e.g., via herm...
CVE-2025-14370 Quote Comments <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update
The Quote Comments plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.0. This is due to missing authorization checks in the quotecommentsaddadmin function. This makes it possible for authenticated attackers, with Subscriber-level access and above...
WordPress Checkout Mestres do WP for WooCommerce plugin 8.6.5 - 8.7.5 - Unauthenticated Arbitrary Options Update vulnerability
WordPress Checkout Mestres do WP for WooCommerce plugin 8.6.5 - 8.7.5 - Unauthenticated Arbitrary Options Update vulnerability discovered by kr0d in WordPress Plugin Checkout Mestres WP versions 8.6.5-8.7.5...
WordPress Email Notifications for Updates plugin <= 1.1.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by kr0d in WordPress Plugin Email Notifications for Updates versions = 1.1.6...
CVE-2025-14447 AnnunciFunebri Impresa <= 4.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Options Deletion
The AnnunciFunebri Impresa plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the annfuresetoptions function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and...
WordPress AnnunciFunebri Impresa plugin <= 4.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Options Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary plugin Options Deletion vulnerability discovered by Legion Hunter in WordPress Plugin AnnunciFunebri Impresa versions = 4.7.0...
Exploit for CVE-2025-13342
CVE-2025-13342 PoC The Frontend Admin by DynamiApps plugin fo...
CVE-2025-13342 Frontend Admin by DynamiApps <= 3.28.20 - Unauthenticated Arbitrary Options Update
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification of arbitrary WordPress options in all versions up to, and including, 3.28.20. This is due to insufficient capability checks and input validation in the ActionOptions::run save handler. This makes it...
WordPress Realty Portal plugin <= 0.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by kr0d in WordPress Plugin Realty Portal versions = 0.4.1...
CVE-2025-11985 Realty Portal <= 0.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
The Realty Portal plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'rpsavepropertysettings' function in versions 0.1 to 0.4.1. This makes it possible for authenticated attackers, with...
WordPress Make Email Customizer for WooCommerce plugin <= 1.0.6 - Authenticated (Subscriber+) Arbitrary Options Update vulnerability
Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Make Email Customizer for WooCommerce versions = 1.0.6...
EUVD-2025-74049
The Make Email Customizer for WooCommerce WordPress plugin through 1.0.6 lacks proper authorization checks and option validation in its AJAX actions, allowing any authenticated user, such as a Subscriber, to update arbitrary WordPress options...
CVE-2025-11237 Make Email Customizer for WooCommerce <= 1.0.6 - Subscriber+ Arbitrary Options Update
The Make Email Customizer for WooCommerce WordPress plugin through 1.0.6 lacks proper authorization checks and option validation in its AJAX actions, allowing any authenticated user, such as a Subscriber, to update arbitrary WordPress options...
CVE-2025-11237 Make Email Customizer for WooCommerce <= 1.0.6 - Subscriber+ Arbitrary Options Update
The Make Email Customizer for WooCommerce WordPress plugin through 1.0.6 lacks proper authorization checks and option validation in its AJAX actions, allowing any authenticated user, such as a Subscriber, to update arbitrary WordPress options...
CVE-2025-11237
CVE-2025-11237 concerns the WordPress plugin Make Email Customizer for WooCommerce (