13 matches found
PT-2026-39954
The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saab cancel booking function in all versions up to, and including, 1.0.8. The nonce check uses && AND instead of || OR...
CVE-2026-6518
The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions up to, and including, 4.1.16 via the cmpthemeupdateinstall AJAX action. This is due to the function only checking for the publishpages...
CVE-2025-12958
The Rankology SEO and Analytics Tool plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect capability check on the 'rankologycodeblock' page in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Editor-level acces...
WordPress plugin BackWPup security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
EUVD-2025-34954
The ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'shortpixelajaxRequest' AJAX action in all versions up to, and including, 6.3.4. This makes it possible for...
EUVD-2025-26881
Malicious code in bioql PyPI...
EUVD-2024-27487
Malicious code in bioql PyPI...
EUVD-2024-44263
Malicious code in bioql PyPI...
CVE-2025-8068
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to an improper capability check on the 'ajaxtrashtemplates' function in all versions up to, and including, 2.9.1. This makes it possible for authenticated attackers, wi...
CVE-2024-7622
The Revision Manager TMC plugin for WordPress is vulnerable to unauthorized arbitrary email sending due to a missing capability check on the aajaxQuickEmailTestCallback function in all versions up to, and including, 2.8.19. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2025-3921
The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handelajaxreq function in versions 1.9.1 to 7.5.2. This makes it possible for unauthenticated attackers to update arbitrary user's metadata whic...
CVE-2025-3953
CVE-2025-3953 affects WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin for WordPress (versions up to 14.13.3). The flaw is a missing capability check in optionUpdater, enabling authenticated attackers with Subscriber-level access and above to modify arbitrary plugin settings. Th...
CVE-2024-13783
The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export all plugin da...