289 matches found
EUVD-2026-42830
The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator emai...
CVE-2026-12685 EscortWP <= 3.6.2 - Content Deletion via Vendor-Authored Backdoor
The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator emai...
CVE-2026-12685
The CVE-2026-12685 entry describes a vulnerability in the EscortWP WordPress theme (
CVE-2025-69134 WordPress OpenAI Chatbot for WordPress – Helper plugin <= 1.1.4 - Arbitrary Content Deletion vulnerability
Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot for WordPress – Helper = 1.1.4 versions...
CVE-2025-69134
CVE-2025-69134: WordPress OpenAI Chatbot for WordPress – Helper plugin
PT-2026-54964
Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot for WordPress – Helper = 1.1.4 versions...
WordPress OpenAI Chatbot for WordPress – Helper plugin <= 1.1.4 - Arbitrary Content Deletion vulnerability
Arbitrary Content Deletion vulnerability discovered by Denver Jackson in WordPress Plugin OpenAI Chatbot for WordPress – Helper versions = 1.1.4...
CVE-2026-39433
Subscriber Arbitrary Content Deletion in WPAMS 49.5.3 versions...
CVE-2025-69103
Subscriber Arbitrary Content Deletion in Brikk = 3.0.0 versions...
CVE-2026-39433
The CVE-2026-39433 entry concerns the WordPress WPAMS plugin (Apartment Management) with versions
CVE-2026-39433 WordPress WPAMS plugin < 49.5.3 - Arbitrary Content Deletion vulnerability
Subscriber Arbitrary Content Deletion in WPAMS 49.5.3 versions...
PT-2026-50080
Subscriber Arbitrary Content Deletion in Brikk = 3.0.0 versions...
PT-2026-50092
Subscriber Arbitrary Content Deletion in WPAMS 49.5.3 versions...
CVE-2026-6512
The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete...
WordPress Brikk theme <= 3.0.0 - Arbitrary Content Deletion vulnerability
Arbitrary Content Deletion vulnerability discovered by Denver Jackson in WordPress Theme Brikk versions = 3.0.0...
CVE-2026-6512
The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete...
WordPress plugin InfusedWoo Pro 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-6965 Tutor LMS <= 3.9.9 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Post Deletion via 'course' GET Parameter
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the getcourseidby function unconditionally trusting the user-supplied course GET parameter as the authoritative course ...
CVE-2026-6965 Tutor LMS <= 3.9.9 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Post Deletion via 'course' GET Parameter
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the getcourseidby function unconditionally trusting the user-supplied course GET parameter as the authoritative course ...
CVE-2026-40309
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cTrash.empty function does not validate anti-CSRF tokens for trash management requests. An attacker can induce a logged-in administrator to submit a forged request that empties the trash and permanent...