25 matches found
CVE-2026-2515
The Hostinger Reach – AI-Powered Email Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handleajaxaction' function in all versions up to, and including, 1.3.8. This makes it possible for authenticated...
CVE-2026-2515
The Hostinger Reach – AI-Powered Email Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handleajaxaction' function in all versions up to, and including, 1.3.8. This makes it possible for authenticated...
CVE-2026-2515
The Hostinger Reach – AI-Powered Email Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handleajaxaction' function in all versions up to, and including, 1.3.8. This makes it possible for authenticated...
EUVD-2026-29918
The Hostinger Reach – AI-Powered Email Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handleajaxaction' function in all versions up to, and including, 1.3.8. This makes it possible for authenticated...
CVE-2026-2515 Hostinger Reach <= 1.3.8 - Missing Authorization to Authenticated (Subscriber+) Integration API Key Update
The Hostinger Reach – AI-Powered Email Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handleajaxaction' function in all versions up to, and including, 1.3.8. This makes it possible for authenticated...
CVE-2026-2515
The Hostinger Reach plugin for WordPress (v
CVE-2026-2515 Hostinger Reach <= 1.3.8 - Missing Authorization to Authenticated (Subscriber+) Integration API Key Update
The Hostinger Reach – AI-Powered Email Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handleajaxaction' function in all versions up to, and including, 1.3.8. This makes it possible for authenticated...
WordPress plugin Hostinger Reach 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-40586
The Hostinger Reach – AI-Powered Email Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle ajax action' function in all versions up to, and including, 1.3.8. This makes it possible for authenticated...
WordPress Hostinger Reach – AI-Powered Email Marketing for WordPress plugin <= 1.3.8 - Missing Authorization to Authenticated (Subscriber+) Integration API Key Update vulnerability
Missing Authorization to Authenticated Subscriber+ Integration API Key Update vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Hostinger Reach AI-Powered Email Marketing for WordPress versions = 1.3.8...
hostinger : 1 Click Account Takeover via Auth Token Theft on marketing.hostinger.com
The vulnerability discovered in the marketing.hostinger.com subdomain allowed for one-click account takeover through the theft of authentication tokens. An attacker could exploit the whitelisted redirect functionality of the subdomain to steal a victim's authentication token, which could then be...
CVE-2023-6751
The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the function publishwebsite in all versions up to, and including, 1.9.7. This makes it possible for unauthenticated attackers to enable and disable maintenance mode...
CVE-2023-6751
The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the function publishwebsite in all versions up to, and including, 1.9.7. This makes it possible for unauthenticated attackers to enable and disable maintenance mode...
Hardcoded credentials
The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the function publishwebsite in all versions up to, and including, 1.9.7. This makes it possible for unauthenticated attackers to enable and disable maintenance mode...
CVE-2023-6751 Hostinger <= 1.9.7 - Missing Authorization to Maintenance Mode Activation
The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the function publishwebsite in all versions up to, and including, 1.9.7. This makes it possible for unauthenticated attackers to enable and disable maintenance mode...
CVE-2023-6751
The CVE-2023-6751 vulnerability affects the Hostinger WordPress plugin and allows unauthenticated attackers to update plugin settings by exploiting a missing capability check in publish_website. Affected versions are all up to and including 1.9.7; impact includes enabling/disabling maintenance mo...
WordPress Plugin Hostinger Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress Hostinger Plugin <= 1.9.7 is vulnerable to Broken Access Control
Software Hostinger Type Plugin Vulnerable versions = 1.9.7 Fixed in 1.9.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6751 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 4fa08c339ad7 Credits Lucio Sá Required privilege...
Hostinger < 1.9.8 - Unauthenticated Maintenance Mode Toggle
Description The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the function publishwebsite in all versions up to, and including, 1.9.7. This makes it possible for unauthenticated attackers to enable and disable maintenance...
PT-2023-8309 · Hostinger · Hostinger Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: Hostinger plugin for WordPress versions up to, and including, 1.9.7 Description: The issue is related to the public website function of the Hostinger plugin for WordPress, which has weaknesses in its authorization procedure. This can allow a...