CVE-2025-11370

CVE-2025-11370 concerns the Depicter — Popup & Slider Builder plugin for WordPress (versions up to 4.0.7). The vulnerability arises from a missing capability check in RulesAjaxController::store, enabling unauthenticated users to modify popup display settings. Wordfence’s vulnerability entry (and ...

CVE-2025-11370 Depicter <= 4.0.7 - Missing Authorization to Unauthenticated Display Rule Updates

The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'store' function of the...

CVE-2025-11370 Depicter <= 4.0.7 - Missing Authorization to Unauthenticated Display Rule Updates

The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'store' function of the...

PT-2026-1397

Name of the Vulnerable Software and Affected Versions Popup and Slider Builder by Depicter versions through 4.0.7 Description The Popup and Slider Builder by Depicter plugin for WordPress is susceptible to unauthorized data modification. A missing capability check within the store function of the...

WordPress plugin Depicter 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

WordPress Depicter plugin <= 4.0.7 - Missing Authorization to Unauthenticated Display Rule Updates vulnerability

Missing Authorization to Unauthenticated Display Rule Updates vulnerability discovered by Brizzle in WordPress Plugin Depicter Slider versions = 4.0.7...

CVE-2025-11373

The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability checks in the "depicter-media-upload" AJAX route in all...

CVE-2025-11373

CVE-2025-11373 concerns the Depicter Popup & Slider Builder for WordPress. The root cause is a missing capability check in the depicter-media-upload AJAX route, affecting all versions up to and including 4.0.4. This enables authenticated attackers with Contributor-level access or higher to upload...

CVE-2025-11373 Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel <= 4.0.4 - Missing Authorization to Authenticated (Contributor+) Safe File Type Upload

The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability checks in the "depicter-media-upload" AJAX route in all...

WordPress Depicter plugin cross-site request forgery vulnerability

WordPress Depicter plugin is a slider, popup and rotator image creation tool designed for WordPress, offering a no-code interface and rich customization features. The WordPress Depicter plugin suffers from a cross-site request forgery vulnerability, which originates from a web application that do...

Exploit for CVE-2025-2011

CVE-2025-2011 PoC Author: X3RX3S Purpose: A proof-o...

CVE-2025-8383

The Depicter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 4.0.4. This is due to missing or incorrect nonce validation on the depicter-document-rules-store function. This makes it possible for unauthenticated attackers to modify document rule...

CVE-2025-8383

CVE-2025-8383: Depicter for WordPress suffers a Cross-Site Request Forgery in versions

CVE-2025-8383 Depicter <= 4.0.4 - Cross-Site Request Forgery

The Depicter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 4.0.4. This is due to missing or incorrect nonce validation on the depicter-document-rules-store function. This makes it possible for unauthenticated attackers to modify document rule...

CVE-2025-8383 Depicter <= 4.0.4 - Cross-Site Request Forgery

The Depicter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 4.0.4. This is due to missing or incorrect nonce validation on the depicter-document-rules-store function. This makes it possible for unauthenticated attackers to modify document rule...

EUVD-2025-37312

The Depicter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 4.0.4. This is due to missing or incorrect nonce validation on the depicter-document-rules-store function. This makes it possible for unauthenticated attackers to modify document rule...

WordPress plugin Depicter 跨站请求伪造漏洞

WordPress Depicter plugin is a slider, popup and rotator image creation tool designed for WordPress, offering a no-code interface and rich customization features. The WordPress Depicter plugin suffers from a cross-site request forgery vulnerability, which originates from a web application that do...

EUVD-2024-44556

Malicious code in bioql PyPI...

EUVD-2024-44023

Malicious code in bioql PyPI...

WordPress Depicter Plugin SQL Injection (CVE-2025-2011)

The Slider & Popup Builder by Depicter plugin for WordPress use auxiliary/gather/wpdepictersqlicve20252011 msf auxiliarywpdepictersqlicve20252011 show actions ...actions... msf auxiliarywpdepictersqlicve20252011 set ACTION msf auxiliarywpdepictersqlicve20252011 show options ...show and set...