CVE-2025-14941

The GZSEO plugin for WordPress is vulnerable to authorization bypass leading to Stored Cross-Site Scripting in all versions up to, and including, 2.0.11. This is due to missing capability checks on multiple AJAX handlers combined with insufficient input sanitization and output escaping on the...

CVE-2025-14629

The Alchemist Ajax Upload plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the 'deletefile' function in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to delete arbitrary WordPress media...

CVE-2025-14629

The Alchemist Ajax Upload plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the 'deletefile' function in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to delete arbitrary WordPress media...

PT-2026-4594

The Meta-box GalleryMeta plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mb gallery' custom post type in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Author-level access and...

PT-2026-4592

The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax callback store user meta function in versions 4.1.0 to 4.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and...

WordPress plugin Meta-box GalleryMeta has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-4569

The Alchemist Ajax Upload plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the 'delete file' function in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to delete arbitrary WordPress media...

PT-2026-4624

Name of the Vulnerable Software and Affected Versions WP Go Maps formerly WP Google Maps versions through 10.0.04 Description The WP Go Maps plugin for WordPress has an issue where data can be modified without proper authorization. This is due to a missing capability check within the...

CVE-2025-14947

The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxcallbackcreatebunnystreamvideo, ajaxcallbackgetbunnystreamvideo, and ajaxcallbackdeletebunnystreamvideo functions in all versions up to, and including,...

CVE-2025-14947

The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxcallbackcreatebunnystreamvideo, ajaxcallbackgetbunnystreamvideo, and ajaxcallbackdeletebunnystreamvideo functions in all versions up to, and including,...

CVE-2025-13921

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing capability check on the 'wedocsuserdocumentationhandlingcapabilities' function in all versions up to, and including, 2.1.1...

CVE-2025-13921

CVE-2025-13921 (weDocs for WordPress) : Wordfence and related feeds confirm that weDocs versions up to 2.1.16 expose an unauthenticated ability to modify or lose documentation data due to a missing capability check in wedocs_user_documentation_handling_capabilities. An authenticated attacker with...

CVE-2025-13921 weDocs <= 2.1.16 - Missing Authorization to Authenticated (Subscriber+) Documentation Post Update

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing capability check on the 'wedocsuserdocumentationhandlingcapabilities' function in all versions up to, and including, 2.1.1...

CVE-2025-13921 weDocs <= 2.1.16 - Missing Authorization to Authenticated (Subscriber+) Documentation Post Update

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing capability check on the 'wedocsuserdocumentationhandlingcapabilities' function in all versions up to, and including, 2.1.1...

CVE-2025-13921

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing capability check on the 'wedocsuserdocumentationhandlingcapabilities' function in all versions up to, and including, 2.1.1...

CVE-2025-14866

The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'savesecondaryrolesfield' function. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2025-14866 Melapress Role Editor <= 1.1.1 - Improper Authorization to Authenticated (Subscriber+) Privilege Escalation via Secondary Role Assignment

The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'savesecondaryrolesfield' function. This makes it possible for authenticated attackers, with Subscriber-level...

WordPress plugin Melapress Role Editor has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-4351

Name of the Vulnerable Software and Affected Versions Melapress Role Editor plugin for WordPress versions prior to 1.1.2 Description The Melapress Role Editor plugin for WordPress is subject to a privilege escalation issue. An attacker with Subscriber-level access or higher can assign themselves...

PT-2026-4521

Name of the Vulnerable Software and Affected Versions All-in-One Video Gallery plugin for WordPress versions through 4.6.4 Description The All-in-One Video Gallery plugin for WordPress is susceptible to unauthorized data modification because of a missing capability check on the ajax callback crea...