CVE-2026-2732

The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'RemoveBackGroundViewController::load' function in all versions up to, and including, 4.1.7. This makes it possible for authenticated attackers, with...

CVE-2026-2732

The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'RemoveBackGroundViewController::load' function in all versions up to, and including, 4.1.7. This makes it possible for authenticated attackers, with...

CVE-2026-2694 The Events Calendar <= 6.15.16 - Improper Authorization to Authenticated (Contributor+) Event/Organizer/Venue Update/Trash via REST API

The The Events Calendar plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to an improper capability check on the 'canedit' and 'candelete' function in all versions up to, and including, 6.15.16. This makes it possible for authenticated attackers, with...

WordPress plugin SiteSEO 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. An authorizati...

EUVD-2025-23262

Malicious code in bioql PyPI...

CVE-2023-6810

The ClickCease Click Fraud Protection plugin for WordPress is vulnerable to unauthorized access of data due to an improper capability check on the getsettings function in all versions up to, and including, 3.2.4. This makes it possible for authenticated attackers, with author access and above, to...

CVE-2024-9890

The User Toolkit plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.3. This is due to an improper capability check in the 'switchUser' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log i...

CVE-2024-9890 User Toolkit <= 1.2.3 - Authenticated (Subscriber+) Authentication Bypass

The User Toolkit plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.3. This is due to an improper capability check in the 'switchUser' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log i...

CVE-2024-9890 User Toolkit <= 1.2.3 - Authenticated (Subscriber+) Authentication Bypass

The User Toolkit plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.3. This is due to an improper capability check in the 'switchUser' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log i...

PT-2024-39916 · WordPress · User Toolkit

Name of the Vulnerable Software and Affected Versions: User Toolkit plugin for WordPress versions up to, and including, 1.2.3 Description: The issue is related to an improper capability check in the switchUser function, allowing authenticated attackers with subscriber-level permissions and above ...

CVE-2023-6491

The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtstsaveviewsticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor access and...

CVE-2024-1677

The Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to an improper capability check on 42 separate AJAX functions in all versions up to, and...

CVE-2023-6742

The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'enviragalleryinsertimages' function in all versions up to, and including, 1.8.7.1. This makes it possible for authenticated...

CVE-2023-6742 Envira Gallery Lite <= 1.8.7.2 - Missing Authorization to Gallery Modification via envira_gallery_insert_images

The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'enviragalleryinsertimages' function in all versions up to, and including, 1.8.7.1. This makes it possible for authenticated...

Moodle < 2.7.13 / 2.8.x < 2.8.11 / 2.9.x < 2.9.5 / 3.0.x < 3.0.3 Multiple Vulnerabilities

Binary data 9194.prm...