21436 matches found
Exploit for CVE-2026-0628
CVE-2026-0628-POC Prueba de concepto PoC para CVE-2026-0628,...
CVE-2025-46434
Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro thepluselementoraddon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a through 6.3.7...
CVE-2025-46434 WordPress The Plus Addons for Elementor Pro plugin < 6.3.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro thepluselementoraddon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a through 6.3.7...
CVE-2025-46434 WordPress The Plus Addons for Elementor Pro plugin < 6.3.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro thepluselementoraddon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a through 6.3.7...
CVE-2025-46434
CVE-2025-46434 corresponds to a Missing Authorization / Broken Access Control vulnerability in the WordPress plugin "The Plus Addons for Elementor Pro" (prior to v6.3.7). The issue arises from incorrectly configured access control levels, enabling unauthorized access to actions or data that shoul...
CVE-2025-69344
Missing Authorization vulnerability in themehunk Oneline Lite oneline-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Oneline Lite: from n/a through = 6.6...
CVE-2025-69333
Missing Authorization vulnerability in Crocoblock JetEngine jet-engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through = 3.8.1.1...
CVE-2025-14370
The Quote Comments plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.0. This is due to missing authorization checks in the quotecommentsaddadmin function. This makes it possible for authenticated attackers, with Subscriber-level access and above...
CVE-2025-13722
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.7. This is due to missing capability checks on the fluentformaicreateform AJAX action. This makes it...
CVE-2025-69333
CVE-2025-69333 describes a Missing Authorization vulnerability in Crocoblock JetEngine (JetEngine) that allows exploitation of incorrectly configured Access Control security levels. Affected product: JetEngine; version range indicated as up to 3.8.1.1. The connected Red Hat advisory and the initi...
CVE-2025-69333 WordPress JetEngine plugin <= 3.8.1.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Crocoblock JetEngine jet-engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through = 3.8.1.1...
CVE-2025-69333 WordPress JetEngine plugin <= 3.8.1.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Crocoblock JetEngine jet-engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through = 3.8.1.1...
CVE-2025-69344 WordPress Oneline Lite theme <= 6.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in themehunk Oneline Lite oneline-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Oneline Lite: from n/a through = 6.6...
CVE-2025-69344 WordPress Oneline Lite theme <= 6.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in themehunk Oneline Lite oneline-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Oneline Lite: from n/a through = 6.6...
CVE-2025-13722
CVE-2025-13722 affects Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder for WordPress. Wordfence reports Missing Authorization in the fluentform_ai_create_form AJAX action, allowing authenticated attackers with Subscriber+ privileges to create arbitrary forms...
CVE-2025-13722 Fluent Forms <= 6.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Creation via AI Builder
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.7. This is due to missing capability checks on the fluentformaicreateform AJAX action. This makes it...
CVE-2025-14460 Piraeus Bank WooCommerce Payment Gateway <= 3.1.4 - Missing Authorization to Unauthenticated Arbitrary Order Status Change
The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to unauthorized order status modification in all versions up to, and including, 3.1.4. This is due to missing authorization checks on the payment callback endpoint handler when processing the 'fail' callback from the...
CVE-2025-14070 Reviewify <= 1.0.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary WooCommerce Coupon Creation
The Reviewify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sendtestemail' AJAX action in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Contributor-level access and above, to...
CVE-2025-14441
The Popupkit plugin for WordPress is vulnerable to arbitrary subscriber data deletion due to missing authorization on the DELETE /subscribers REST API endpoint in all versions up to, and including, 2.2.0. This is due to the permissioncallback only validating wprest nonce without checking user...
CVE-2025-1249
Missing Authorization vulnerability in Marcus aka @msykes Events Manager events-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Events Manager: from n/a through = 6.6.4.1...