9655 matches found
CVE-2025-15507
The CVE-2025-15507 entry concerns the WordPress plugin Magic Import Document Extractor, affected in all versions up to and including 1.0.4. The root cause is a missing capability/authorization check in the ajax_sync_usage() function, enabling unauthenticated attackers to modify the plugin’s licen...
EUVD-2025-206794
The Magic Import Document Extractor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsyncusage function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to modify the plugin's...
CVE-2025-15507 Magic Import Document Extractor <= 1.0.5 - Missing Authorization to Unauthenticated Plugin License Status Modification
The Magic Import Document Extractor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsyncusage function in all versions up to, and including, 1.0.5. This makes it possible for unauthenticated attackers to modify the plugin's...
CVE-2025-15285
CVE-2025-15285 concerns the WordPress plugin SEO Flow by LupsOnline (versions
CVE-2025-15285 SEO Flow by LupsOnline <= 2.2.1 - Unauthenticated Arbitrary Post/Category Modification
The SEO Flow by LupsOnline plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkBlogAuthentication and checkCategoryAuthentication functions in all versions up to, and including, 2.2.1. These authorization functions only implement...
CVE-2025-15285 SEO Flow by LupsOnline <= 2.2.1 - Unauthenticated Arbitrary Post/Category Modification
The SEO Flow by LupsOnline plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkBlogAuthentication and checkCategoryAuthentication functions in all versions up to, and including, 2.2.1. These authorization functions only implement...
CVE-2025-15285
The SEO Flow by LupsOnline plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkBlogAuthentication and checkCategoryAuthentication functions in all versions up to, and including, 2.2.1. These authorization functions only implement...
Unspecified vulnerability in WordPress plugin metasync
WordPress is a set of blogging platform developed using the PHP language, the platform has the ability to set up a personal blog site on a server based on PHP and MySQL, WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin metasync, which stems from a...
PT-2026-6011
Name of the Vulnerable Software and Affected Versions WebPurify Profanity Filter versions up to and including 4.0.2 Description The WebPurify Profanity Filter plugin for WordPress has a flaw that allows unauthorized modification of data. This is due to a missing capability check on the webpurify...
PT-2026-5885
Name of the Vulnerable Software and Affected Versions SEO Flow versions prior to 2.2.2 Description The SEO Flow plugin for WordPress is susceptible to unauthorized data modification because of a missing capability check within the checkBlogAuthentication and checkCategoryAuthentication functions...
PT-2026-5769
The WP ULike plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.8.3.1. This is due to the wp ulike delete history api AJAX action not verifying that the log entry being deleted belongs to the current user. This makes it possible for...
CVE-2026-1431
The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbcajaxWPBCFLEXTIMELINENAV function in all versions up to, and including, 10.14.13. This makes it possible for unauthenticated attackers to retrieve booking information...
CVE-2025-15510
The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5ExportForms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configuration...
Toxic_Flow_Analysis_Framework_For_Agentic_AI
Toxic Flow Analysis TFA Framework A Secure-by-Design framew...
CVE-2026-1431
The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbcajaxWPBCFLEXTIMELINENAV function in all versions up to, and including, 10.14.13. This makes it possible for unauthenticated attackers to retrieve booking information...
EUVD-2026-5082
The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbcajaxWPBCFLEXTIMELINENAV function in all versions up to, and including, 10.14.13. This makes it possible for unauthenticated attackers to retrieve booking information...
CVE-2025-15510
The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5ExportForms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configuration...
CVE-2025-15510 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.8 - Missing Authorization to Unauthenticated Sensitive Information Exposure
The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5ExportForms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configuration...
CVE-2025-15510
The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5ExportForms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configuration...
EUVD-2025-206597
The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5ExportForms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configuration...