CVE-2025-14357 Mega Store Woocommerce <= 5.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation and Settings Change

The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setupwidgets function in core/includes/importer/whizzie.php in all versions up to, and including, 5.9. This makes it possible for authenticated attackers, wit...

EUVD-2025-203915

A Cross-Site Request Forgery CSRF in the page creation/editing function of RiteCMS v3.1.0 allows attackers to arbitrarily create pages via a crafted POST request...

CVE-2025-67173

A Cross-Site Request Forgery CSRF in the page creation/editing function of RiteCMS v3.1.0 allows attackers to arbitrarily create pages via a crafted POST request...

WordPress Accessiy By CodeConfig Accessibility plugin <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Page Creation vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin CodeConfig Accessibility versions = 1.0.0...

EUVD-2025-16517

Malicious code in bioql PyPI...

CVE-2024-3555 Social Link Pages: link-in-bio landing pages for your social media profiles <= 1.6.9 - Missing Authorization to Arbitrary Page Creation and Cross-Site Scripting

The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the importlinkpages function in all versions up to, and including, 1.6.9. This makes it possible for unauthenticated...

WordPress Social Link Pages plugin <= 1.6.9 - Missing Authorization to Arbitrary Page Creation and Cross-Site Scripting vulnerability

Missing Authorization to Arbitrary Page Creation and Cross-Site Scripting vulnerability discovered by Lucio Sá in WordPress Plugin Social Link Pages versions = 1.6.9...

CVE-2022-47131

A Cross-Site Request Forgery CSRF in Academy LMS before v5.10 allows an attacker to arbitrarily create a page...

CVE-2022-47131

A Cross-Site Request Forgery CSRF in Academy LMS before v5.10 allows an attacker to arbitrarily create a page...

WordPress Bulk Page Creator plugin <= 1.1.3 - Arbitrary Page Creation via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Page Creation via Cross-Site Request Forgery CSRF vulnerability was discovered by Daniel Ruf in the WordPress Bulk Page Creator plugin versions = 1.1.3. Solution Update the WordPress Bulk Page Creator plugin to the latest available version at least 1.1.4...