5 matches found
CVE-2026-1291
CVE-2026-1291 concerns the Meow Gallery WordPress plugin. A missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/save_shortcode allows authenticated users with Author-level access or higher to arbitrarily create or overwrite gallery shortcode records by supplying a user-cont...
CVE-2026-2879
The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2. This is due to missing validation on the id parameter in the create method of the GetGenieChat REST API endpoint. The method accepts a user-controlled post ID and, when...
CVE-2026-2879
The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2. This is due to missing validation on the id parameter in the create method of the GetGenieChat REST API endpoint. The method accepts a user-controlled post ID and, when...
PT-2026-25158
The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2. This is due to missing validation on the id parameter in the create method of the GetGenieChat REST API endpoint. The method accepts a user-controlled post ID and, when...
PT-2024-20719 · WordPress · Gamipress
Name of the Vulnerable Software and Affected Versions: GamiPress WordPress plugin versions prior to 6.8.9 Description: The access control mechanism in the GamiPress WordPress plugin fails to properly restrict access to its settings. This allows Authors to manipulate requests and extend access to...