11 matches found
CVE-2026-13250
The Solace Extra plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.5.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete all...
EUVD-2026-43141
The Solace Extra plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.5.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete all...
CVE-2026-13250 Solace Extra <= 1.5.3 - Missing Authorization to Unauthenticated Arbitrary Content Deletion via delete_previously_imported AJAX Action
The Solace Extra plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.5.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete all...
CVE-2026-13250
Solace Extra (WordPress) up to version 1.5.3 is affected by an authorization bypass in the delete_previously_imported AJAX action. The issue allows unauthenticated users to permanently delete content imported via the Starter Template (posts, pages, media, WooCommerce products, terms, sitebuilder ...
WordPress plugin Post Snippets 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
EUVD-2023-43883
Malicious code in bioql PyPI...
WordPress WP All Import Pro plugin < 4.9.8 - Cross-Site Request Forgery to Imported Content Deletion vulnerability
Cross-Site Request Forgery to Imported Content Deletion vulnerability discovered by ? in WordPress Plugin WP All Import Pro versions 4.9.8...
WordPress WP All Import plugin <= 3.7.9 - Cross-Site Request Forgery to Imported Content Deletion
Cross-Site Request Forgery to Imported Content Deletion vulnerability discovered by ? in WordPress Plugin WP All Import versions = 3.7.9...
Royal Elementor Addons < 1.3.60 - Subscriber+ Arbitrary Import Deletion
The plugin does not have authorisation and CSRF checks when deleting imported content, which could allow any authenticated user, such as subscriber to perform such action...
CVE-2022-3679
The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...
CVE-2022-2903
The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...