4 matches found
CVE-2026-3140
The Ultimate Dashboard plugin for WordPress is affected by a Cross-Site Request Forgery in versions up to 3.8.14 due to a flawed nonce validation conditional in the handle_module_actions function, enabling unauthenticated attackers to toggle plugin modules by tricking a site administrator into pe...
WordPress Ultimate Dashboard – Custom WordPress Dashboard plugin <= 3.8.14 - Cross-Site Request Forgery to Module Activation/Deactivation vulnerability
Cross-Site Request Forgery to Module Activation/Deactivation vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Ultimate Dashboard versions <= 3.8.14...
CVE-2024-1689 WooCommerce Tools <= 1.2.9 - Missing Authorization to Authenticated (Subscriber+) Plugin Module Deactivation
The WooCommerce Tools plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woocommercetooltogglemodule function in all versions up to, and including, 1.2.9. This makes it possible for authenticated attackers, with subscriber-level access...
WordPress WooCommerce Tools plugin <= 1.2.9 - Missing Authorization to Authenticated (Subscriber+) Plugin Module Deactivation vulnerability
Missing Authorization to Authenticated Subscriber+ Plugin Module Deactivation vulnerability discovered by Lucio Sá in WordPress Plugin WooCommerce Tools versions <= 1.2.9...