Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the PageRules::create process in the page rules component. An attacker can publish a page without the required status-change permission by creating it as a non-draft. This lets a user who is allowed to create...

CVE-2026-1004

CVE-2026-1004 affects the Essential Addons for Elementor plugin for WordPress (versions up to and including 6.5.5). The flaw, via the eael_product_quickview_popup function, allows unauthenticated attackers to exfiltrate WooCommerce product information for items with draft, pending, or private sta...

CVE-2024-10937 Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins <= 2.0.58 - Sensitive Information Exposure

The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.58 via the wpajaxnoprivrelatedpostajaxgetpostids AJAX action. This makes it possible for...

CVE-2024-3733

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.9.15 via the ajaxloadmore , eaelwoopaginationproductajax, and ajaxeaelproductgallery...