318 matches found
CVE-2021-24195
Low privileged users can use the AJAX action 'cppluginsdobuttonjoblatercallback' in the Login as User or Customer User Switching WordPress plugin before 1.8, to install any plugin including a specific version from the WordPress repository, as well as activate arbitrary plugin from the blog, whic...
CVE-2020-25263
PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be deleted...
CVE-2025-3452 SecuPress Free <= 2.3.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation
The SecuPress Free – WordPress Security plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'secupressreinstallpluginsadminajaxcb' function in all versions up to, and including, 2.3.9. This makes it possible for authenticated attackers,...
Anant Addons for Elementor 1.1.5 CSRF / Arbitrary Plugin Installation
Anant Addons for Elementor versions 1.1.5 and below cross site request forgery proof of concept that allows for arbitrary plugin installation.
CVE-2025-2807
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in the mvlsetupwizardinstallplugin function in all versions up to, and including, 1.4.64. This makes it possible for authenticated...
CVE-2025-2807
CVE-2025-2807 affects the Motors – Car Dealership & Classified Listings Plugin for WordPress. All versions up to 1.4.64 lack a capability check in mvl_setup_wizard_install_plugin(), allowing authenticated users with Subscriber+ privileges to install/activate arbitrary plugins on the vulnerable si...
PT-2025-15413 · WordPress · Motors – Car Dealership & Classified Listings Plugin
Name of the Vulnerable Software and Affected Versions: Motors – Car Dealership & Classified Listings Plugin versions 1.4.64 and earlier. Description: The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing...
WordPress Motors 1.4.64 Arbitrary Plugin Installation
WordPress Motors plugin versions 1.4.64 and below suffer from an arbitrary plugin installation vulnerability...
CVE-2025-30911 WordPress RomethemeKit For Elementor plugin <= 1.5.4 - Arbitrary Plugin Installation/Activation to RCE vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RTMKit rometheme-for-elementor allows Command Injection. This issue affects RTMKit: from n/a through <= 1.5.4...
WordPress Pubnews 1.0.7 Arbitrary Plugin Installation
WordPress Pubnews theme versions 1.0.7 and below suffer from an unauthenticated arbitrary plugin installation vulnerability...
Exploit for CVE-2024-10578
CVE-2024-10578: Pubnews <= 1.0.7 - Unauthenticated Arbitrary P...
WordPress Elementor Pro Animation Addon 1.6 Missing Authorization
The Animation Addons for Elementor Pro plugin versions 1.6 and below on WordPress suffers from a missing capability check allowing for arbitrary plugin installation...
Exploit for CVE-2024-10674
CVE-2024-10674 Exploit - Th Shop Mania --username --password...
CVE-2025-1639 Animation Addons for Elementor Pro <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation
The Animation Addons for Elementor Pro plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the installelementorpluginhandler function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, wi...
WordPress plugin Animation Addons for Elementor Pro security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...
CVE-2025-25106 WordPress Starter Templates by FancyWP plugin <= 2.0.0 - CSRF to Arbitrary Plugin Installation vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in FancyWP Starter Templates by FancyWP allows Cross Site Request Forgery. This issue affects Starter Templates by FancyWP: from n/a through 2.0.0...
CVE-2022-4950
Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber...
CVE-2019-25149
The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6. This allows authenticated attackers with any capability level to deactivate any plugin on the site, including plugins necessary to site functionality or security...
CVE-2020-36719
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lpccaddonsactions function. This makes it possible for unauthenticated attacker...