
27 matches found

RedhatCVE
added 2026/04/13 7:23 p.m. · 0 views

CVE-2026-4162

The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access a...

CVSS 7.1 · AI score 5.8 · EPSS 0.00015
Exploits: 0 · References: 1

EUVD
added 2026/04/10 12:31 p.m. · 0 views

EUVD-2026-21356

The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access a...

CVSS 7.1 · AI score 5.8 · EPSS 0.00015
Exploits: 0 · References: 3

Positive Technologies
added 2026/02/17 12:0 a.m. · 6 views

PT-2026-20278

Name of the Vulnerable Software and Affected Versions Slider Future versions up to and including 1.0.5 Description The Slider Future plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the slider future handle image upload function. This...

CVSS 9.8 · AI score 6 · EPSS 0.20498
Exploits: 2 · References: 9

Github Security Blog
added 2026/02/10 12:22 a.m. · 6 views

FroshAdminer Adminer UI is accessible without admin session

Summary Unauthenticated access to Adminer UI Details The Adminer route /admin/adminer was accessible without Shopware admin authentication. The route was configured with authrequired=false and performed no session validation, exposing the Adminer UI to unauthenticated users. Note: Database access...

CVSS 6.9 · AI score 5.5 · EPSS 0.00027
Exploits: 0 · References: 5 · Affected Software: 1

NVD
added 2025/12/06 6:15 a.m. · 4 views

CVE-2025-12091

The Search, Filters & Merchandising for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcissaveemail' endpoint in all versions up to, and including, 3.0.67. This makes it possible for authenticated attackers, with...

CVSS 4.3 · EPSS 0.00039
Exploits: 0 · References: 4

RedhatCVE
added 2025/11/14 4:6 a.m. · 4 views

CVE-2025-12892

The Survey Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivatepluginoption function in all versions up to, and including, 5.1.9.4. This makes it possible for unauthenticated attackers to update the...

CVSS 5.3 · AI score 5.3 · EPSS 0.00119
Exploits: 0 · References: 1

NVD
added 2025/11/13 4:15 a.m. · 7 views

CVE-2025-12892

The Survey Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivatepluginoption function in all versions up to, and including, 5.1.9.4. This makes it possible for unauthenticated attackers to update the...

CVSS 5.3 · EPSS 0.00119
Exploits: 0 · References: 2

Vulnrichment
added 2025/11/13 3:27 a.m. · 3 views

CVE-2025-12892 Survey Maker <= 5.1.9.4 - Missing Authorization Unauthenticated Limited Option Update

The Survey Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivatepluginoption function in all versions up to, and including, 5.1.9.4. This makes it possible for unauthenticated attackers to update the...

CVSS 5.3 · AI score 4.9 · EPSS 0.00119
Exploits: 0 · References: 2

EUVD
added 2025/11/13 3:27 a.m. · 3 views

EUVD-2025-150408

The Survey Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivatepluginoption function in all versions up to, and including, 5.1.9.4. This makes it possible for unauthenticated attackers to update the...

CVSS 5.3 · AI score 4.9 · EPSS 0.00119
Exploits: 0 · References: 3

Positive Technologies
added 2025/11/13 12:0 a.m. · 9 views

PT-2025-46781

Name of the Vulnerable Software and Affected Versions Survey Maker plugin for WordPress versions up to and including 5.1.9.4 Description The software is susceptible to unauthorized data modification. This is due to a missing capability check within the deactivate plugin option function. This allo...

CVSS 5.3 · AI score 6.1 · EPSS 0.00119
Exploits: 0 · References: 5

CNNVD
added 2025/11/13 12:0 a.m. · 3 views

WordPress plugin Survey Maker security vulnerability

WordPress Survey Maker plugin is a tool for creating questionnaires with support for multiple question types and data analysis features for businesses or individuals to collect user feedback. WordPress Survey Maker plugin suffers from a missing capability check vulnerability, which stems from a...

CVSS 5.3 · AI score 6.3 · EPSS 0.00119
Exploits: 0 · References: 2

CVE
added 2025/10/16 6:47 a.m. · 7 views

CVE-2025-10849

CVE-2025-10849 : Felan Framework WordPress plugin contains an unauthorized data modification vulnerability due to a missing capability check in process_plugin_actions (AJAX). Affected versions up to 1.1.4 allow unauthenticated attackers to activate/deactivate plugins. Wordfence lists the patch st...

CVSS 5.3 · AI score 5.2 · EPSS 0.00122
Exploits: 0 · References: 2

RedhatCVE
added 2025/10/12 10:5 a.m. · 4 views

CVE-2025-8606

The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 1.3.23. This is due to missing or incorrect nonce validation on the activateplugin and deactivateplugin functions. This makes it possible for attackers to tri...

CVSS 2.4 · AI score 5.7 · EPSS 0.00016
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-27632

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 6.6 · EPSS 0.00026
Exploits: 0 · References: 5

CVE
added 2025/08/20 11:26 a.m. · 15 views

CVE-2025-8102

CVE-2025-8102: Easy Digital Downloads for WordPress (versions ≤ 3.5.0) is vulnerable to Cross-Site Request Forgery via missing nonce checks in edd_sendwp_disconnect and edd_sendwp_remote_install. This CSRF allows unauthenticated attackers to deactivate or trigger activation/deactivation of the SendWP plu...

CVSS 5.4 · AI score 6.7 · EPSS 0.00028
Exploits: 0 · References: 4

CVE
added 2025/01/14 7:5 a.m. · 103 views

CVE-2024-12006

CVE-2024-12006 concerns the W3 Total Cache WordPress plugin. The Red Hat advisory confirms the root cause: a missing capability check in multiple functions, affecting all versions up to and including 2.8.1. This flaw allows unauthenticated users to modify data by deactivating the plugin and by ac...

CVSS 5.3 · AI score 5.2 · EPSS 0.02961
Exploits: 0 · References: 6 · Affected Software: 1

Positive Technologies
added 2024/10/28 12:0 a.m. · 7 views

PT-2024-34276

Name of the Vulnerable Software and Affected Versions: WP Query Console versions n/a through 1.0 Hunk Companion versions prior to 1.9.0 Description: The issue is related to an Improper Control of Generation of Code 'Code Injection' vulnerability, which allows code injection. This vulnerability...

CVSS 10 · AI score 8.8 · EPSS 0.91902
Exploits: 4 · References: 15

Positive Technologies
added 2024/08/29 12:0 a.m. · 6 views

PT-2024-30777 · WordPress · Ti Woocommerce Wishlist

Name of the Vulnerable Software and Affected Versions: TI WooCommerce Wishlist versions n/a through 2.8.2 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This vulnerability affects over 100,000 sites...

CVSS 9.8 · AI score 9.9 · EPSS 0.89695
Exploits: 3 · References: 20

OSV
added 2024/08/21 6:15 a.m. · 0 views

CVE-2024-7032

The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moodeactivateAndClean' function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to deactivate the plugin an...

CVSS 6.5 · AI score 5.8
Exploits: 0 · References: 3

OSV
added 2024/01/11 9:15 a.m. · 1 views

CVE-2023-4247

The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the givesendwpdisconnect function. This makes it possible for unauthenticated attackers to deactivate the SendWP plugin via...

CVSS 5.4 · AI score 7.2
Exploits: 0 · References: 3