WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license vulnerability

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin = 9.1.9 - Missing Authorization to Authenticated Subscriber+ License Deactivation via deactivatelicense vulnerability discovered by Legion Hunter in WordPress Plugin NEX-Forms versions = 9.1.9...

WordPress Search, Filters & Merchandising for WooCommerce plugin <= 3.0.63 - Missing Authorization to Authenticated (Subscriber+) plugin Deactivation vulnerability

Missing Authorization to Authenticated Subscriber+ plugin Deactivation vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Search, Filters & Merchandising for WooCommerce versions = 3.0.63...

CVE-2025-10746 Integrate Dynamics 365 CRM <= 1.0.9 - Missing Authorization

The Integrate Dynamics 365 CRM plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.9. This is due to missing capability checks and nonce verification on functions hooked to 'init'. This makes it possible for unauthenticated attackers to deactivate t...

EUVD-2022-0018

Malicious code in bioql PyPI...

CVE-2025-49511 WordPress Civi Framework plugin <= 2.1.6 - Cross Site Request Forgery (CSRF) to User Deactivation vulnerability

Cross-Site Request Forgery CSRF vulnerability in uxper Civi Framework civi-framework allows Cross Site Request Forgery.This issue affects Civi Framework: from n/a through = 2.1.6...

WordPress Eleblog – Elementor Blog And Magazine Addons plugin <= 1.8 - Missing Authorization to Authenticated (Subscriber+) Deactivation Submission vulnerability

Missing Authorization to Authenticated Subscriber+ Deactivation Submission vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin Eleblog – Elementor Blog And Magazine Addons versions = 1.8...

WordPress Smart Online Order for Clover plugin <= 1.5.6 - Missing Authorization to Plugin Deactivation and Data Deletion vulnerability

Missing Authorization to Plugin Deactivation and Data Deletion vulnerability discovered by Lucio Sá in WordPress Plugin Smart Online Order for Clover versions = 1.5.6...

CVE-2024-2035 Improper Authorization in zenml-io/zenml

An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the active status of user accounts to false,...

CVE-2024-32677 WordPress LoginPress Pro plugin < 3.0.0 - Unauth. License Activation/Deactivation vulnerability

Missing Authorization vulnerability in LoginPress LoginPress Pro.This issue affects LoginPress Pro: from n/a before 3.0.0...

WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary Plugin Activation/Deactivation Vulnerability

Subscriber+ Arbitrary Plugin Activation/Deactivation Vulnerability discovered by Dave Jong Patchstack in WordPress Plugin ARForms versions = 6.4...

WordPress plugin Counter Box 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists i...