5 matches found
CVE-2026-1832
CVE-2026-1832 affects ThriveDesk for WordPress (plugin up to version 2.1.7). The vulnerability is due to a missing capability check on the AJAX action thrivedesk_clear_cache , enabling authenticated attackers with Subscriber level access and above to delete the plugin cache. The report cites impa...
CVE-2026-4949
The connected Patchstack entry documents a concrete vulnerability in WordPress ProfilePress plugin, versions
CVE-2026-22680 OpenViking < 0.3.3 Missing Authorization via Task Polling
OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate or retrieve background task metadata created by other users. Attackers can access the /api/v1/tasks and /api/v1/tasks/taskid routes withou...
CVE-2026-3550 RockPress <= 1.0.17 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via AJAX Actions
The RockPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.17. This is due to missing capability checks on multiple AJAX actions rockpressimport, rockpressimportstatus, rockpresslastimport, rockpressresetimport, and rockpresscheckservices...
EUVD-2026-11939
Missing Authorization vulnerability in wppochipp Pochipp pochipp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pochipp: from n/a through 1.18.9...