EUVD-2026-23382

The Canto plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 3.1.1. This is due to the absence of any capability check or nonce verification in the updateOptions function, which is exposed via two AJAX hooks: wpajaxupdateOptions class-canto.php line 231 an...

PT-2026-1565

Name of the Vulnerable Software and Affected Versions Quote Comments plugin for WordPress versions through 3.0.0 Description The Quote Comments plugin for WordPress is susceptible to a missing authorization issue. This flaw stems from the absence of proper authorization checks within the...

CVE-2025-12005

The WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress plugin for WordPress is vulnerable to unauthorized access of data in all versions up to, and including, 8.5.41. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...

WordPress plugin Industrial 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-3932 · WordPress · The Buzz Club – Night Club

Name of the Vulnerable Software and Affected Versions: The Buzz Club – Night Club, DJ and Music Festival Event WordPress Theme versions up to, and including, 2.0.4 Description: The issue allows unauthorized modification of data, potentially leading to a denial of service. This is due to a missing...

CVE-2024-7574

The Christmasify! plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.5. This is due to missing nonce validation on the 'options' function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious...

WordPress plugin Tabs 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2009-2574

CVE-2009-2574 affects MiniTwitter 0.2 beta. The flaw in index.php lets remote authenticated users modify certain options of arbitrary accounts via an opt action. Exploitation is documented (Exploit-DB) and related references link to insecure parameter handling; CVSS from NVD indicates a medium ri...

CVE-2009-2574

index.php in MiniTwitter 0.2 beta allows remote authenticated users to modify certain options of arbitrary accounts via an opt action...