Lucene search

48857 matches found

RedhatCVE
added 2025/12/20 10:11 a.m. | 6 views

CVE-2025-14455

The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.7. This is due to the plugin not properly verifying that a user is authorized to perform actions on gallery management functions. This makes it possible fo...

CVSS 5.4 | AI score 5.9 | EPSS 0.00251
Exploits: 0 | References: 1
NVD
added 2025/12/19 10:15 a.m. | 2 views

CVE-2025-14455

The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.7. This is due to the plugin not properly verifying that a user is authorized to perform actions on gallery management functions. This makes it possible fo...

CVSS 5.4 | EPSS 0.00251
Exploits: 0 | References: 5
EUVD
added 2025/12/19 9:29 a.m. | 3 views

EUVD-2025-204522

The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.7. This is due to the plugin not properly verifying that a user is authorized to perform actions on gallery management functions. This makes it possible fo...

CVSS 5.4 | AI score 5.4 | EPSS 0.00251
Exploits: 0 | References: 6
Positive Technologies
added 2025/12/19 12:0 a.m. | 2 views

PT-2025-52438

The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.7. This is due to the plugin not properly verifying that a user is authorized to perform actions on gallery management functions. This makes it possible fo...

CVSS 5.4 | AI score 5.9 | EPSS 0.00251
Exploits: 0 | References: 6
Vulnrichment
added 2025/12/18 12:22 p.m. | 2 views

CVE-2025-14618 Sweet Energy Efficiency <= 1.0.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Graph Deletion

The Sweet Energy Efficiency plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on the 'sweetenergyefficiencyaction' AJAX handler in all versions up to, and including, 1.0.6. This makes it possible for authenticated attackers...

CVSS 4.3 | AI score 4.9 | EPSS 0.00202
Exploits: 0 | References: 3
CNNVD
added 2025/12/18 12:0 a.m. | 0 views

Kentico Xperience security vulnerability

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an access control bypass vulnerability that can be exploited by an attacker to cause an account takeover...

CVSS 8.6 | AI score 5.8 | EPSS 0.00289
Exploits: 0 | References: 2
NVD
added 2025/12/17 10:16 p.m. | 5 views

CVE-2025-68399

ChurchCRM is an open-source church management system. In versions prior to 6.5.4, there is a Stored Cross-Site Scripting (XSS) vulnerability within the GroupEditor.php page of the application. When a user attempts to create a group role, they can execute malicious JavaScript. However, for this to...

CVSS 5.4 | EPSS 0.00162
Exploits: 1 | References: 1
CVE
added 2025/12/17 9:40 p.m. | 8 views

CVE-2025-68399

ChurchCRM security advisory documents describe a Stored Cross-Site Scripting (XSS) in the GroupEditor.php page occurring in versions prior to 6.5.4. The vulnerability allows an attacker to inject JavaScript when creating a group role, but requires the attacker to have permission to view and modi...

CVSS 5.4 | AI score 5 | EPSS 0.00162
Exploits: 1 | References: 1 | Affected Software: 1
Vulnrichment
added 2025/12/17 4:31 a.m. | 3 views

CVE-2025-13880 WP Social Ninja - Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) <= 4.0.1 - Missing Authorization to Unauthenticated Plugin's Settings Disclosure And Modification

The WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the getAdvanceSettings and saveAdvanceSettings...

CVSS 6.5 | AI score 4.9 | EPSS 0.00217
Exploits: 0 | References: 5
EUVD
added 2025/12/17 4:31 a.m. | 4 views

EUVD-2025-203870

The WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the getAdvanceSettings and saveAdvanceSettings...

CVSS 6.5 | AI score 4.8 | EPSS 0.00217
Exploits: 0 | References: 6
Cvelist
added 2025/12/17 4:31 a.m. | 26 views

CVE-2025-13880 WP Social Ninja - Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) <= 4.0.1 - Missing Authorization to Unauthenticated Plugin's Settings Disclosure And Modification

The WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the getAdvanceSettings and saveAdvanceSettings...

CVSS 6.5 | EPSS 0.00217
Exploits: 0 | References: 5
Positive Technologies
added 2025/12/17 12:0 a.m. | 3 views

PT-2025-51811

The WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the getAdvanceSettings and saveAdvanceSettings...

CVSS 6.5 | AI score 5.3 | EPSS 0.00217
Exploits: 0 | References: 7
NVD
added 2025/12/15 3:15 p.m. | 6 views

CVE-2025-14003

The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the addimagestogallerycallback function in all versions up to, and including, 2.13.3. This makes it possible for authenticated attackers, wit...

CVSS 4.3 | EPSS 0.00231
Exploits: 0 | References: 2
NVD
added 2025/12/13 4:16 p.m. | 3 views

CVE-2025-12362

The myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.9.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...

CVSS 5.3 | EPSS 0.00227
Exploits: 0 | References: 3
Vulnrichment
added 2025/12/13 4:31 a.m. | 2 views

CVE-2025-14446 Popup Builder <= 1.1.37 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Reset

The Popup Builder Easy Notify Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the easynotifycpreset function in all versions up to, and including, 1.1.37. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 6.5 | AI score 4.7 | EPSS 0.00212
Exploits: 0 | References: 3
RedhatCVE
added 2025/12/13 3:59 a.m. | 3 views

CVE-2025-14170

The Vimeo SimpleGallery plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 0.2. This is due to missing authorization checks on the vimeogalleryadmin function hooked to adminmenu. This makes it possible for authenticated attackers, with Subscriber-lev...

CVSS 5.3 | AI score 5.9 | EPSS 0.0019
Exploits: 0 | References: 1
EUVD
added 2025/12/13 3:30 a.m. | 3 views

EUVD-2025-203181

OpenPLCV3 is vulnerable to a cross-site request forgery (CSRF) attack due to the absence of proper CSRF validation. This issue allows an unauthenticated attacker to trick a logged-in administrator into visiting a maliciously crafted link, potentially enabling unauthorized modification of PLC settin...

CVSS 8 | AI score 6.4 | EPSS 0.00277
Exploits: 0 | References: 4
Positive Technologies
added 2025/12/13 12:0 a.m. | 6 views

PT-2025-51044

The Employee Spotlight – Team Member Showcase & Meet the Team Plugin for WordPress is vulnerable to unauthorized tracking settings modification due to missing authorization validation on the employee spotlight check optin function in all versions up to, and including, 5.1.3. This makes it possibl...

CVSS 5.3 | AI score 5.6 | EPSS 0.002
Exploits: 0 | References: 4
Positive Technologies
added 2025/12/13 12:0 a.m. | 6 views

PT-2025-51034

Name of the Vulnerable Software and Affected Versions: OpenPLC V3 (affected versions not specified)
Description: The software is susceptible to a cross-site request forgery (CSRF) attack because of missing CSRF validation. An unauthenticated attacker can potentially trick a logged-in administrator into...

CVSS 8 | AI score 6.5 | EPSS 0.00277
Exploits: 0 | References: 9
EUVD
added 2025/12/12 6:31 a.m. | 4 views

EUVD-2025-203015

The Vimeo SimpleGallery plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 0.2. This is due to missing authorization checks on the vimeogalleryadmin function hooked to adminmenu. This makes it possible for authenticated attackers, with Subscriber-lev...

CVSS 5.3 | AI score 5.4 | EPSS 0.0019
Exploits: 0 | References: 4