CVE-2025-10038 Binary MLM Plan <= 3.0 - Unauthenticated Limited Privilege Escalation

The Binary MLM Plan plugin for WordPress is vulnerable to limited Privilege Escalation in all versions up to, and including, 3.0. This is due to bmpuser role granting all users with the managebmp capability by default upon registration through the plugin's form. This makes it possible for...

CVE-2019-19984

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed users with editpost capabilities to manage plugin settings and email campaigns...