CVE-2026-4002

The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 2.1.8. This is due to missing nonce validation in the ajaxrevoketoken function which handles the 'petjeafdisconnect' AJAX action. The function performs destructive operations includin...

PT-2026-33024

The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 2.1.8. This is due to missing nonce validation in the ajax revoke token function which handles the 'petjeaf disconnect' AJAX action. The function performs destructive operations...

CVE-2024-10900

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmremovefileattachment function in all versions up to, and including, 5.9.3.6. This makes it possible for authenticated attacker...

WordPress plugin Post Meta Data Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

PT-2023-6743 · WordPress · Post Meta Data Manager

Name of the Vulnerable Software and Affected Versions: Post Meta Data Manager plugin for WordPress versions up to, and including, 1.2.0 Description: The issue is related to incorrect authorization procedures in the pmdm wp delete user meta, pmdm wp delete term meta, and pmdm wp ajax delete meta...