12 matches found

RedhatCVE
added 2025/11/06 3:11 a.m., 3 views

CVE-2025-12582

The Features plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'features_revert_option' AJAX endpoint in all versions up to, and including, 0.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above...

CVSS 4.3, AI score 5.1, EPSS 0.00038
Exploits: 0, References: 1
NVD
added 2025/11/05 3:15 a.m., 4 views

CVE-2025-12582

The Features plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'features_revert_option' AJAX endpoint in all versions up to, and including, 0.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above...

CVSS 4.3, EPSS 0.00038
Exploits: 0, References: 2
Vulnrichment
added 2025/11/05 2:25 a.m., 2 views

CVE-2025-12582 Features <= 0.0.2 - Missing Authorization to Authenticated (Subscriber+) Option Reset

The Features plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'features_revert_option' AJAX endpoint in all versions up to, and including, 0.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above...

CVSS 4.3, AI score 4.7, EPSS 0.00038
Exploits: 0, References: 2
CVE
added 2025/11/05 2:25 a.m., 4 views

CVE-2025-12582

The CVE-2025-12582 vulnerability affects the WordPress Features plugin up to version 0.0.2, caused by a missing capability check on the features_revert_option AJAX endpoint. This allows authenticated users with Subscriber-level access (and above) to modify data by reverting options, exposing unau...

CVSS 4.3, AI score 4.7, EPSS 0.00038
Exploits: 0, References: 2
Cvelist
added 2025/11/05 2:25 a.m., 4 views

CVE-2025-12582 Features <= 0.0.2 - Missing Authorization to Authenticated (Subscriber+) Option Reset

The Features plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'features_revert_option' AJAX endpoint in all versions up to, and including, 0.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above...

CVSS 4.3, EPSS 0.00038
Exploits: 0, References: 2
Positive Technologies
added 2025/11/05 12:0 a.m., 2 views

PT-2025-45065

Name of the Vulnerable Software and Affected Versions Features plugin for WordPress versions up to and including 0.0.2 Description The Features plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check on the features revert option API...

CVSS 4.3, AI score 5.8, EPSS 0.00038
Exploits: 0, References: 5
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2015-1114

Malware in sbrugna...

CVSS 6.1, AI score 4.7, EPSS 0.0024
Exploits: 0, References: 5
NVD
added 2023/04/30 9:15 p.m., 10 views

CVE-2015-10104

A vulnerability, which was classified as problematic, has been found in Icons for Features Plugin 1.0.0 on WordPress. Affected by this issue is some unknown functionality of the file classes/class-icons-for-features-admin.php. The manipulation of the argument redirect_url leads to open redirect. T...

CVSS 6.1, AI score 4.8, EPSS 0.0024
Exploits: 0, References: 4
Prion
added 2023/04/30 9:15 p.m., 14 views

Open redirect

A vulnerability, which was classified as problematic, has been found in Icons for Features Plugin 1.0.0 on WordPress. Affected by this issue is some unknown functionality of the file classes/class-icons-for-features-admin.php. The manipulation of the argument redirect_url leads to open redirect. T...

CVSS 5.8, AI score 7.1, EPSS 0.0024
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2023/04/30 8:31 p.m., 15 views

CVE-2015-10104 Icons for Features Plugin class-icons-for-features-admin.php redirect

A vulnerability, which was classified as problematic, has been found in Icons for Features Plugin 1.0.0 on WordPress. Affected by this issue is some unknown functionality of the file classes/class-icons-for-features-admin.php. The manipulation of the argument redirect_url leads to open redirect. T...

CVSS 4, AI score 6.4, EPSS 0.0024
Exploits: 0, References: 4
Vulnrichment
added 2023/04/30 8:31 p.m., 12 views

CVE-2015-10104 Icons for Features Plugin class-icons-for-features-admin.php redirect

A vulnerability, which was classified as problematic, has been found in Icons for Features Plugin 1.0.0 on WordPress. Affected by this issue is some unknown functionality of the file classes/class-icons-for-features-admin.php. The manipulation of the argument redirect_url leads to open redirect. T...

CVSS 4, AI score 6.9, EPSS 0.0024
Exploits: 0, References: 4
CVE
added 2023/04/30 8:31 p.m., 43 views

CVE-2015-10104

CVE-2015-10104 affects Icons for Features Plugin (WordPress) v1.0.0, where manipulation of the redirect_url parameter in the file classes/class-icons-for-features-admin.php enables an open redirect. The issue is remote in nature. A fix is available by upgrading to v1.0.1 (patch 63124c021ae24b68e5...

CVSS 6.1, AI score 4.8, EPSS 0.0024
Exploits: 0, References: 4, Affected Software: 1