4 matches found
SUSE CVE-2025-3063
The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajaxcallbackupdatesaoption function in versions 2.0 to 2.1. This makes it possible for authenticated attackers, with...
EUVD-2026-11097
The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an unauthenticated REST endpoint that allows any remote user to modify the option datalogicstoken without verification. This token is subsequently used for authentication in a protected endpoint that allows users to perform...
CVE-2021-4331
The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 4.1.9 pro and 2.0.6 free. The plugin adds a registration form to the Elementor page builder's functionality. As part of the registration form, users can choose which role to se...
Alphabetic Pagination < 3.0.8 - Unauthenticated Arbitrary Option Update
The plugin does not have any proper authorisation in place when updating some settings via a REST endpoint, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary options on the blog and allow registration with a...