5 matches found
CVE-2025-14866
The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'savesecondaryrolesfield' function. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-12971
The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on the 'wcpchangepostfolder' function in all versions up to, and including, 3.1.5. This make...
CVE-2025-12621 Flexible Refund and Return Order for WooCommerce <= 1.0.42 - Incorrect Authorization to Authenticated (Contributor+) Refund Status Update
The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on the 'createrefund' function in all versions up to, and including, 1.0.42. This makes it possible for authenticated attackers, wit...
WordPress plugin MultiVendorX – WooCommerce Multivendor Marketplace Solutions 安全漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability in WordPress plugin MultiVendorX -...
CVE-2025-2331
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.22.1 via a misconfigured capability check in the 'permissionsCheck' function. This makes it possible for authenticated attackers, with...