9655 matches found
CVE-2026-1104 FastDup – Fastest WordPress Migration & Duplicator <= 2.7.1 - Missing Authorization to Authenticated (Contributor+) Backup Creation and Download
The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to unauthorized backup creation and download due to a missing capability check on REST API endpoints in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with...
CVE-2026-1748
The Invoct – PDF Invoices & Billing for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2026-2295
The WPZOOM Addons for Elementor – Starter Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajaxpostgridloadmore' function in all versions up to, and including, 1.3.2. This makes it possible for unauthenticated attacker...
CVE-2026-1786
The Twitter posts to Blog plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dgtwoptions' function in all versions up to, and including, 1.11.25. This makes it possible for unauthenticated attackers to update plugin settings including...
CVE-2026-1671
The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winteractivitylogaction function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2026-1537
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the loadstep function in all versions up to, and including, 5.2.6. This makes it possible for unauthenticated attackers to vie...
CVE-2026-1537 LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.6 - Missing Authorization to Booking Details Exposure
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the loadstep function in all versions up to, and including, 5.2.6. This makes it possible for unauthenticated attackers to vie...
CVE-2026-1537
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the loadstep function in all versions up to, and including, 5.2.6. This makes it possible for unauthenticated attackers to vie...
WordPress plugin LatePoint 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-7839
The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winter activity log action function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level acce...
PT-2026-7813
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load step function in all versions up to, and including, 5.2.6. This makes it possible for unauthenticated attackers to vi...
CVE-2025-13391
The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO Premium plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'unicporemovefile' function in all versions up to, and including, 4.9.60. This makes it possible for...
CVE-2025-13391
The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) plugin for WordPress is vulnerable due to a missing capability check on uni_cpo_remove_file, allowing unauthenticated attackers to delete arbitrary attachments or files stored in Dropbox when the path is known....
CVE-2025-13391 Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) <= 4.9.60 - Missing Authorization to Unauthenticated Arbitrary Attachment and Dropbox File Deletion
The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO Premium plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'unicporemovefile' function in all versions up to, and including, 4.9.60. This makes it possible for...
CVE-2026-2295
The WPZOOM Addons for Elementor – Starter Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajaxpostgridloadmore' function in all versions up to, and including, 1.3.2. This makes it possible for unauthenticated attacker...
CVE-2026-2295
CVE-2026-2295 affects the WordPress plugin “WPZOOM Addons for Elementor – Starter Templates & Widgets” up to version 1.3.2, exposing protected post titles and excerpts via an unauthenticated request to ajax_post_grid_load_more due to a missing capability check. Multiple sources (Wordfence, CVE en...
CVE-2026-2295
The WPZOOM Addons for Elementor – Starter Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajaxpostgridloadmore' function in all versions up to, and including, 1.3.2. This makes it possible for unauthenticated attacker...
CVE-2026-1786
The Twitter posts to Blog plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dgtwoptions' function in all versions up to, and including, 1.11.25. This makes it possible for unauthenticated attackers to update plugin settings including...
CVE-2026-1748
The Invoct – PDF Invoices & Billing for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2026-1786
CVE-2026-1786 : The Twitter posts to Blog plugin for WordPress is vulnerable due to a missing capability check on the internal dg_tw_options function, affecting all versions up to and including 1.11.25. This allows unauthenticated attackers to modify plugin settings (including Twitter API credent...