9655 matches found

ATTACKERKB
added 2026/02/18 4:35 a.m. | 6 views

CVE-2025-12075

The Order Splitter for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wostroubleshooting' AJAX endpoint in all versions up to, and including, 5.3.5. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 4.3 | AI score 5.5 | EPSS 0.00221
Exploits: 0 | References: 3

CNNVD
added 2026/02/18 12:0 a.m. | 4 views

WordPress plugin EmailKit – Email Customizer for WooCommerce & WP security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

CVSS 4.3 | AI score 5.8 | EPSS 0.00245
Exploits: 0 | References: 4

CNNVD
added 2026/02/18 12:0 a.m. | 5 views

WordPress plugin Gutenberg Blocks with AI by Kadence WP security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

CVSS 4.3 | AI score 5.8 | EPSS 0.00327
Exploits: 0 | References: 4

Positive Technologies
added 2026/02/18 12:0 a.m. | 7 views

PT-2026-20222

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp ajax change ticket status' AJAX endpoint in all versions up to, and including, 3.5.6.4. This makes it possible for authenticated attacker...

CVSS 4.3 | AI score 5.5 | EPSS 0.00237
Exploits: 0 | References: 4

Positive Technologies
added 2026/02/18 12:0 a.m. | 5 views

PT-2026-20365

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode execution in all versions up to, and including, 1.70.4. This is due to a missing capability check on the siteorigin widget preview widget action function which is registered via the wp ajax so...

CVSS 5.4 | AI score 6 | EPSS 0.00284
Exploits: 0 | References: 7

Positive Technologies
added 2026/02/18 12:0 a.m. | 6 views

PT-2026-20291

Name of the Vulnerable Software and Affected Versions: EmailKit – Email Customizer for WooCommerce & WP versions prior to 1.6.3. Description: The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress has a flaw that allows unauthorized data modification. This is due to a missing...

CVSS 4.3 | AI score 5.5 | EPSS 0.00245
Exploits: 0 | References: 6

Positive Technologies
added 2026/02/18 12:0 a.m. | 3 views

PT-2026-20379

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the b2s curation draft AJAX action in all versions up to, and including, 8.7.4. The curationDraft function only verifies current user...

CVSS 6.5 | AI score 5.7 | EPSS 0.00336
Exploits: 0 | References: 5

Positive Technologies
added 2026/02/18 12:0 a.m. | 4 views

PT-2026-20287

The YayMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized plugin installation and activation due to missing capability checks on the 'yaymail install yaysmtp' AJAX action and /yaymail/v1/addons/activate REST endpoint in all versions up to, and including, 4.3.2...

CVSS 2.7 | AI score 5.5 | EPSS 0.00293
Exploits: 0 | References: 6

Positive Technologies
added 2026/02/18 12:0 a.m. | 6 views

PT-2026-20352

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the process image data ajax callback function which handles the kadence import process image data AJAX...

CVSS 4.3 | AI score 5.8 | EPSS 0.00327
Exploits: 0 | References: 5

RedhatCVE
added 2026/02/17 7:24 p.m. | 4 views

CVE-2026-2001

The WowRevenue plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'Notice::installactivateplugin' function in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with subscriber-level access and...

CVSS 8.8 | AI score 6.6 | EPSS 0.00377
Exploits: 0 | References: 1

NVD
added 2026/02/17 12:16 p.m. | 4 views

CVE-2026-2608

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Contributor-level access...

CVSS 4.3 | EPSS 0.002
Exploits: 0 | References: 3

CVE
added 2026/02/17 11:20 a.m. | 10 views

CVE-2026-2608

CVE-2026-2608: Kadence Blocks — Page Builder Toolkit for Gutenberg Editor vulnerability in WordPress. Up to version 3.5.32, missing capability check allows authenticated users with Contributor-level access and above to perform an unauthorized action. Patch status in Wordfence context shows mitig...

CVSS 4.3 | AI score 5.5 | EPSS 0.002
Exploits: 0 | References: 3

Vulnrichment
added 2026/02/17 11:20 a.m. | 6 views

CVE-2026-2608 Gutenberg Blocks by Kadence Blocks <= 3.5.32 - Missing Authorization

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Contributor-level access...

CVSS 4.3 | AI score 5.5 | EPSS 0.002
Exploits: 0 | References: 3

RedhatCVE
added 2026/02/17 7:28 a.m. | 7 views

CVE-2026-0929

The RegistrationMagic WordPress plugin before 6.0.7.2 does not have proper capability checks, allowing subscribers and above to create forms on the site...

CVSS 4.3 | AI score 5.6 | EPSS 0.00209
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/17 12:0 a.m. | 5 views

PT-2026-8403

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Contributor-level access...

CVSS 4.3 | AI score 5.5 | EPSS 0.002
Exploits: 0 | References: 4

NVD
added 2026/02/16 8:19 p.m. | 7 views

CVE-2026-2001

The WowRevenue plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'Notice::installactivateplugin' function in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with subscriber-level access and...

CVSS 8.8 | EPSS 0.00377
Exploits: 0 | References: 2

EUVD
added 2026/02/16 9:30 a.m. | 3 views

EUVD-2026-6123

The RegistrationMagic WordPress plugin before 6.0.7.2 does not have proper capability checks, allowing subscribers and above to create forms on the site...

CVSS 4.3 | AI score 5.6 | EPSS 0.00209
Exploits: 0 | References: 2

NVD
added 2026/02/16 7:17 a.m. | 3 views

CVE-2026-0929

The RegistrationMagic WordPress plugin before 6.0.7.2 does not have proper capability checks, allowing subscribers and above to create forms on the site...

CVSS 4.3 | EPSS 0.00209
Exploits: 0 | References: 1

CVE
added 2026/02/16 6:0 a.m. | 8 views

CVE-2026-0929

The CVE-2026-0929 entry concerns the WordPress plugin RegistrationMagic, affected versions before 6.0.7.2. The root cause is missing capability checks, permitting subscribers and above to create forms on a site. Impact is unauthorised form creation, with CVSSv3.1 base score 4.3 (Medium) and privi...

CVSS 4.3 | AI score 5.5 | EPSS 0.00209
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/16 6:0 a.m. | 2 views

CVE-2026-0929

The RegistrationMagic WordPress plugin before 6.0.7.2 does not have proper capability checks, allowing subscribers and above to create forms on the site...

AI score 5.5 | EPSS 0.00209
Exploits: 0 | References: 1