318 matches found
WordPress WowOptin: Next-Gen Popup Maker - Create Stunning Popups and Optins for Lead Generation plugin <= 1.4.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Installation vulnerability
WordPress WowOptin: Next-Gen Popup Maker - Create Stunning Popups and Optins for Lead Generation plugin = 1.4.24 - Missing Authorization to Authenticated Subscriber+ Arbitrary plugin Installation vulnerability discovered by WordFence in WordPress Plugin WowOptin versions = 1.4.24...
CVE-2026-1720
The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the 'installandactiveplugin' function in all versions up to, and including, 1.4.24. This...
CVE-2026-1720
The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the 'installandactiveplugin' function in all versions up to, and including, 1.4.24. This...
CVE-2026-1720 WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation <= 1.4.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation
The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the 'installandactiveplugin' function in all versions up to, and including, 1.4.24. This...
CVE-2025-12975
The CVE-2025-12975 entry concerns CTX Feed – WooCommerce Product Feed Manager for WordPress (
CVE-2025-12975 CTX Feed – WooCommerce Product Feed Manager <= 6.6.11 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Plugin Installation
The CTX Feed – WooCommerce Product Feed Manager plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the woofeedplugininstalling function in all versions up to, and including, 6.6.11. This makes it possible for authenticated...
PT-2026-20596
Name of the Vulnerable Software and Affected Versions CTX Feed – WooCommerce Product Feed Manager plugin for WordPress versions through 6.6.11 Description The CTX Feed – WooCommerce Product Feed Manager plugin for WordPress has a flaw that allows unauthorized arbitrary plugin installation. This i...
WordPress plugin CTX Feed – WooCommerce Product Feed Manager 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress CTX Feed - WooCommerce Product Feed Manager plugin <= 6.6.11 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Plugin Installation vulnerability
WordPress CTX Feed - WooCommerce Product Feed Manager plugin = 6.6.11 - Missing Authorization to Authenticated Shop Manager+ Arbitrary Plugin Installation vulnerability discovered by DityaRA in WordPress Plugin CTX Feed versions = 6.6.11...
CVE-2026-2001 WowRevenue <= 2.1.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation
The WowRevenue plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'Notice::installactivateplugin' function in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2026-1490
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS PTR record spoofing on the 'checkWithoutToken' function in all versions up to, and including, 6.71. This makes it...
CVE-2026-1490
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS PTR record spoofing on the 'checkWithoutToken' function in all versions up to, and including, 6.71. This makes it...
CVE-2026-1490 Spam protection, Honeypot, Anti-Spam by CleanTalk <= 6.71 - Authorization Bypass via Reverse DNS (PTR record) Spoofing to Unauthenticated Arbitrary Plugin Installation
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS PTR record spoofing on the 'checkWithoutToken' function in all versions up to, and including, 6.71. This makes it...
EUVD-2026-5835
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS PTR record spoofing on the 'checkWithoutToken' function in all versions up to, and including, 6.71. This makes it...
PT-2026-8222
Name of the Vulnerable Software and Affected Versions CleanTalk versions up to and including 6.71 Description The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress has a flaw that allows unauthorized Arbitrary Plugin Installation. This is due to an authorization bypass via...
WordPress Dreamer Blog theme <= 1.2 - Subscriber+ Arbitrary Plugin Installation vulnerability
Subscriber+ Arbitrary Plugin Installation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Theme Dreamer Blog versions = 1.2...
WordPress Perfit WooCommerce plugin <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletion vulnerability discovered by Legion Hunter in WordPress Plugin Perfit WooCommerce versions = 1.0.1...
CVE-2025-10915 Dreamer Blog <= 1.2 - Subscriber+ Arbitrary Plugin Installation
The Dreamer Blog WordPress theme through 1.2 is vulnerable to arbitrary installations due to a missing capability check...
CVE-2025-10915
The Dreamer Blog WordPress theme (≤ 1.2) is reported to be vulnerable to arbitrary plugin installations due to a missing capability check. The CVE entry CVE-2025-10915 maps to this issue. Wordfence notes indicate the Dreamer Blog vulnerability is still unpatched, highlighting a risk of unauthoriz...
CVE-2025-10915 Dreamer Blog <= 1.2 - Subscriber+ Arbitrary Plugin Installation
The Dreamer Blog WordPress theme through 1.2 is vulnerable to arbitrary installations due to a missing capability check...