10 matches found
WordPress YouTube Video Gallery by YouTube Showcase plugin <= 3.3.6 - Missing Authorization to Arbitrary Post/Page Creation vulnerability
Missing Authorization to Arbitrary Post/Page Creation vulnerability discovered by Lucio Sá in WordPress Plugin YouTube Showcase versions <= 3.3.6...
WordPress Post Type Builder (PTB) plugin < 2.1.4 - Subscriber+ Arbitrary Post/Page Creation vulnerability
Subscriber+ Arbitrary Post/Page Creation vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Post Type Builder (PTB) versions < 2.1.4...
Design/Logic Flaw
The WP eCommerce plugin for WordPress is vulnerable to unauthorized arbitrary post creation due to a missing capability check on the check_for_saas_push function in all versions up to, and including, 3.15.1. This makes it possible for unauthenticated attackers to create arbitrary posts with arbitrar...
CVE-2024-1516
CVE-2024-1516 : WP eCommerce for WordPress suffers unauthorized arbitrary post creation due to a missing capability check in check_for_saas_push() in all versions up to 3.15.1. The vulnerability is exploitable by unauthenticated actors to create posts with arbitrary content. Technical details spe...
CVE-2024-1516
The WP eCommerce plugin for WordPress is vulnerable to unauthorized arbitrary post creation due to a missing capability check on the check_for_saas_push function in all versions up to, and including, 3.15.1. This makes it possible for unauthenticated attackers to create arbitrary posts with arbitrar...
CVE-2022-4103 Royal Elementor Addons < 1.3.56 - Subscriber+ Arbitrary Post Creation
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated user, such as a subscriber, to create a post as well as any post type with an...
CVE-2022-4103 Royal Elementor Addons < 1.3.56 - Subscriber+ Arbitrary Post Creation
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated user, such as a subscriber, to create a post as well as any post type with an...
CVE-2022-0363 myCred < 2.4.4 - Subscriber+ Arbitrary Post Creation
The myCred WordPress plugin before 2.4.3.1 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts...
WordPress myCred plugin <= 2.4.3 - Arbitrary Post Creation vulnerability
Arbitrary Post Creation vulnerability discovered by Krzysztof Zając in WordPress myCred plugin versions <= 2.4.3. Solution: Update the WordPress myCred plugin to the latest available version at least 2.4.4...
WordPress 123ContactForm plugin <= 1.5.6 - Arbitrary Post Creation vulnerability
Arbitrary Post Creation vulnerability found by Sucuri in WordPress 123ContactForm plugin versions <= 1.5.6. Solution: 2021-01-20 - we were unable to find a patched version of this plugin. Notification from WordPress plugin repository: "This plugin has been closed as of October 27, 2020 and is not...