141 matches found
WordPress Location Weather – WordPress Weather Forecast, AQI, Temperature and Weather Widget plugin <= 3.0.2 - Missing Authorization to Authenticated (Contributor+) Block Settings Modification and Cache Purging vulnerability
Missing Authorization to Authenticated Contributor+ Block Settings Modification and Cache Purging vulnerability discovered by momopon1415 in WordPress Plugin Location Weather versions = 3.0.2...
Astra Linux - уязвимость в openjdk-11
Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: JNDI. The supported versions affected include Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3, and 22.2.0. This vulnerabili...
PT-2026-42223
Name of the Vulnerable Software and Affected Versions XWiki Platform versions prior to 16.10.17 XWiki Platform versions prior to 17.4.9 XWiki Platform versions prior to 17.10.3 XWiki Platform versions prior to 18.1.0-rc-1 Description The 'POST /wikis/wikiName' API executes a XAR import without...
WordPress Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin <= 1.7.1056 - Missing Authorization to Unauthenticated Form Action Meta Modification vulnerability
Missing Authorization to Unauthenticated Form Action Meta Modification vulnerability discovered by Nguyen C in WordPress Plugin Royal Elementor Addons versions = 1.7.1056...
CVE-2026-4063
The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the addmenuitem method hooked to adminmenu in all versions up to, and including, 4.5.8. This is due to the method performing wpinsertpost and...
CVE-2025-14886
CVE-2025-14886 concerns Japanized for WooCommerce for WordPress. It is a data modification vulnerability due to missing capability check on the order REST API endpoint, affecting all versions up to and including 2.7.17. Unauthenticated attackers could mark any WooCommerce order as processed/compl...
CVE-2025-11771 Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO <= 2.4.6 - Missing Authentication to Unauthenticated Presale Update
The Cryptocurrency Token, Launchpad Presale, ICO & IDO, Airdrop by TokenICO plugin for WordPress is vulnerable to unauthenticated and unauthorized modification of data due to missing authentication and capability checks on the 'createSaleRecord' function in all versions up to, and including, 2.4....
WordPress Cryptocurrency Payment Gateway for WooCommerce plugin unauthorized data modification vulnerability
WordPress Cryptocurrency Payment Gateway for WooCommerce plugin is a virtual currency payment collection plugin designed for WooCommerce e-commerce platform. WordPress Cryptocurrency Payment Gateway for WooCommerce plugin suffers from an unauthorized data modification vulnerability that stems fro...
PT-2025-47432
The WSChat – WordPress Live Chat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'reset settings' AJAX endpoint in all versions up to, and including, 3.1.6. This makes it possible for authenticated attackers, with Subscriber-level...
EUVD-2025-197941
The ACF Flexible Layouts Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'acfflmupdatetemplatewithpastedlayout' function in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers to...
CVE-2025-11172 Check Plagiarism <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update
The Check Plagiarism plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the chkplagminepluginwpse10500adminaction function in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Subscriber-level...
EUVD-2021-26258
Malware in sbrugna...
EUVD-2020-13687
Malware in sbrugna...
EUVD-2019-8973
Malware in sbrugna...
EUVD-2015-6411
Malware in sbrugna...
EUVD-2019-8971
Malware in sbrugna...
EUVD-2018-18816
Malware in sbrugna...
EUVD-2015-7863
Malware in sbrugna...
EUVD-2018-0261
Malware in sbrugna...
CVE-2025-11228
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the registerAssociateFormsWithCampaign function in all versions up to, and including, 4.10.0. This makes it possible for unauthenticat...