8 matches found
CVE-2025-12348
CVE-2025-12348 is an issue in the Icegram Express Email Subscribers & Newsletters WordPress plugin. According to the connected Wordfence document, versions up to and including 5.9.10 are vulnerable to Missing Authorization in the run_action_scheduler_task function, allowing unauthenticated attack...
PT-2025-50244
Name of the Vulnerable Software and Affected Versions STVS ProVision version 5.9.10 Description The software contains a cross-site request forgery issue. This allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. An attacker can create new...
PT-2025-47426
The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress is vulnerable to Authorization in versions up to, and including, 5.9.10. This is due to the plugin not properly verifying that a user is authorized to perform an action in the trigger mailing queue...
CVE-2024-43235
Missing Authorization vulnerability in MetaBox.Io Meta Box – WordPress Custom Fields Framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meta Box – WordPress Custom Fields Framework: from n/a through 5.9.10...
WordPress Event post plugin <= 5.9.10 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Francesco Carlucci in WordPress Plugin Event post versions = 5.9.10...
CVE-2024-2650
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the alignment parameter in the Woo Product Carousel widget in all versions up to, and including, 5.9.10 due to insufficient inp...
PT-2024-21408 · WordPress · Essential Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor plugin for WordPress versions up to, and including, 5.9.10 Description: The issue is related to Stored Cross-Site Scripting via the alignment parameter in the Woo Product Carousel widget. This is due to...
AZL-26300 CVE-2023-26463 affecting package strongswan for versions less than 5.9.10-1
strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrust...