638 matches found
CVE-2025-11835 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.16.4 - Missing Authorization to Unauthenticated Arbitrary Member Subscription Auto Renewal
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability and validation check on the PMSAJAXCheckoutHandler::processpayment function in all versions up t...
kgateway is missing xDS authorization
Summary: The xDS interface in Kgateway versions 2.0.0 through 2.0.4 lacks authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend service information, routing rules, and cluster...
WordPress plugin Essential Addons for Elementor security vulnerability
WordPress Essential Addons for Elementor plugin is an extension plugin designed for Elementor page builder, offering over 80 advanced widgets and modules for creating professional web designs. The WordPress Essential Addons for Elementor plugin suffers from an Authorization Missing vulnerability...
CVE-2025-60319
PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint AttachController.java...
CVE-2025-64210
Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets masterstudy-elementor-widgets allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Masterstudy Elementor Widgets: from n/a through = 1.2.4...
PerfreeBlog security vulnerability
PerfreeBlog is an open-source, Java-based blog/CMS builder. A security vulnerability exists in PerfreeBlog version 4.0.11, which stems from a missing authorization check in the uploadAttachByUrl API endpoint and could lead to server-side request forgery...
CVE-2025-60319
PerfreeBlog v4.0.11 is affected by CVE-2025-60319, a Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl endpoint (AttachController.java). The issue enables SSRF via the /uploadAttachByUrl API, with a CVSS v3.1 base score of 6.5 (MEDIUM) and network attack ve...
EUVD-2025-36619
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MasterStudy LMS Pro: from n/a through 4.7.16...
WordPress plugin Evergreen Content Poster security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
CVE-2025-11154
CVE-2025-11154 affects IDonate for WordPress, vulnerable in versions prior to 2.1.13 due to missing authorization and CSRF protection when deleting users via an action handler. This unauthenticated flow allows an attacker to delete arbitrary users. Reported across multiple sources (Wordfence, Pat...
EUVD-2025-36053
Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Coupon Affiliates: from n/a through = 7.0.3...
CVE-2025-62980
CVE-2025-62980 is a Missing Authorization (broken access control) vulnerability in the WordPress plugin Persian Admin Fonts, affecting versions up to and including 4.1.03. The connected sources indicate an unauthorized access risk due to misconfigured access control. Patch status is not publicly...
WordPress plugin WP-Lister Lite for eBay security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
PT-2025-43836
Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MDTF: from n/a through = 1.3.4...
WordPress plugin Link Whisper Free security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers. WordPress...
CVE-2025-11269
CVE-2025-11269 affects the WordPress plugin Product Filter by WBW (versions
CVE-2025-10901 Originality.ai AI Checker <= 1.0.16 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'ai_get_table'
The Originality.ai AI Checker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ai_get_table' function in all versions up to, and including, 1.0.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization due to improper access control to OpenAPI. An attacker can retrieve sensitive OpenAPI YAML files by sending a specially crafted URL. Remediation: Upgrade com.liferay:com.liferay.portal.security.auth.verifier to...
CVE-2025-62019
Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor recipe-card-blocks-by-wpzoom. This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through = 3.4.8...