9655 matches found
CVE-2025-11725
The CVE-2025-11725 entry concerns the Aruba HiSpeed Cache WordPress plugin, affected up to version 3.0.2. The vulnerability arises from missing capability checks in multiple functions, allowing unauthenticated attackers to modify the plugin’s configuration settings and enable/disable features. Im...
CVE-2025-12027 Mesmerize Companion <= 1.6.158 - Missing Authorization Authenticated (Subscriber+) Settings Update
The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the "openPageInCustomizer" and "openPageInDefaultEditor" functions in all versions up to, and including, 1.6.158. This makes it possible for authenticate...
WordPress plugin SEO Plugin by Squirrly SEO security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin BackWPup – WordPress Backup & Restore Plugin security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin IDonate authorization issue vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Toret Manager security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress plugin News Element Elementor Blog Magazine security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-20577
Name of the Vulnerable Software and Affected Versions ACF Photo Gallery Field versions prior to 3.1 Description The ACF Photo Gallery Field plugin for WordPress has a flaw that allows unauthorized modification of data. This is due to a missing capability check within the acf photo gallery edit sa...
PT-2026-20621
The Virusdie - One-click website security plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.7. This is due to missing capability checks on the vd get apikey function which is hooked to wp ajax virusdie apikey. This makes it possible for...
PT-2026-20596
Name of the Vulnerable Software and Affected Versions CTX Feed – WooCommerce Product Feed Manager plugin for WordPress versions through 6.6.11 Description The CTX Feed – WooCommerce Product Feed Manager plugin for WordPress has a flaw that allows unauthorized arbitrary plugin installation. This i...
PT-2026-20642
The Dealia – Request a quote plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on multiple AJAX handlers in all versions up to, and including, 1.0.6. The admin nonce DEALIA ADMIN NONCE is exposed to all users with edit posts capability...
PT-2026-20616
The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setup widgets function in core/includes/importer/whizzie.php in all versions up to, and including, 5.9. This makes it possible for authenticated attackers, wi...
PT-2026-20615
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sq ajax uninstall function in all versions up to, and including, 12.4.14. This makes it possible for authenticated attackers, with Subscriber-level acces...
PT-2026-20597
The Shopire theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the shopire admin install plugin function in all versions up to, and including, 1.0.57. This makes it possible for authenticated attackers, with Subscriber-level access and abov...
PT-2026-20631
The Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the 'install plugin' function in all versions up to, and including, 1.20.0. This makes it possible for...
PT-2026-20623
Name of the Vulnerable Software and Affected Versions BackWPup – WordPress Backup & Restore Plugin versions prior to 5.6.3 Description The BackWPup – WordPress Backup & Restore Plugin for WordPress is susceptible to unauthorized data modification, potentially leading to privilege escalation. A...
PT-2026-20617
The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MfaEmailDisable action in all versions up to, and including, 21.0.9. This makes it possible for...
PT-2026-20629
Name of the Vulnerable Software and Affected Versions Toret Manager plugin for WordPress versions up to and including 1.2.7 Description The Toret Manager plugin for WordPress has a flaw that allows unauthorized modification of data, potentially leading to privilege escalation. This is due to a...
PT-2026-20576
Name of the Vulnerable Software and Affected Versions Mesmerize Companion versions up to and including 1.6.158 Description The Mesmerize Companion plugin for WordPress is susceptible to unauthorized access and modification of data. This is due to a missing capability check within the...