19 matches found
CVE-2026-8976
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action...
CVE-2026-8976
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action...
EUVD-2026-27185
The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. This is due to insufficient input sanitization and output escaping, combined with a...
CVE-2026-4803
The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. This is due to insufficient input sanitization and output escaping, combined with a...
CVE-2016-10996
The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak...
EUVD-2016-1987
Malware in sbrugna...
EUVD-2020-24142
Malware in sbrugna...
EUVD-2024-50538
Malicious code in bioql PyPI...
CVE-2022-1777
The Filr WordPress plugin before 1.2.2.1 does not have an authorisation check in two of its AJAX actions, allowing them to be called by any authenticated user, such as a subscriber. They are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload...
gnutls: vulnerable to Minerva side-channel information leak
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce...
WP Like Button <= 1.7.0 - Missing Authorization via crublabFBLBAjax
Description The WP Like Button plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the crublabFBLBAjax function in versions up to, and including, 1.7.0. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2020-36700 Page Builder: KingComposer < 2.9.4 - Authorization Bypass due to Improper Access Control
The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the '/wp-admin/index.php' page. This makes it possible for authenticated attackers to change arbitrary WordPress...
CVE-2022-25602
Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin versions = 4.1.7...
Security & Malware scan by CleanTalk < 2.51 - Security Nonce Leak leading to Unauthorised AJAX call
Security nonce leak, allowing any authenticated users such as subscribers to make unauthorised AJAX call which could lead to arbitrary file deletion/download and function call. Note WPScanTeam: We do not consider the issue fully remediated, as the AJAX calls rely on CSRF check for authorisation,...
CVE-2016-10996
The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak...
CVE-2016-10996
The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak...
Design/Logic Flaw
The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak...
CVE-2016-10996
The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak...
CVE-2016-10996
The CVE-2016-10996 vulnerability affects the WordPress OptinMonster plugin prior to version 1.1.4.6. The root cause is incorrect access control for shortcode execution caused by a nonce leak, allowing an attacker to exploit shortcode handling. Several sources confirm the issue and reference the s...