3 matches found
CVE-2026-4117 CalJ <= 1.5 - Authenticated (Subscriber+) Arbitrary Settings Modification via 'save-obtained-key' Action
The CalJ plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5. This is due to a missing capability check in the CalJSettingsPage class constructor, which processes the 'save-obtained-key' operation directly from POST data without verifying that the...
CVE-2025-14170 Vimeo SimpleGallery <= 0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification
The Vimeo SimpleGallery plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 0.2. This is due to missing authorization checks on the vimeogalleryadmin function hooked to adminmenu. This makes it possible for authenticated attackers, with Subscriber-lev...
WordPress Vimeo SimpleGallery plugin <= 0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Settings Modification vulnerability discovered by Legion Hunter in WordPress Plugin Vimeo SimpleGallery versions = 0.2...