8994 matches found
HT Mega < 3.0.7 - Sensitive Information Disclosure
The HT Mega plugin for WordPress is vulnerable to Sensitive Information Exposure via AJAX actions. This template dynamically extracts the security nonce before exploitation. id: CVE-2026-4106 info: name: HT Mega 3.0.7 - Sensitive Information Disclosure author: EFETR severity: high description: |...
WPBot <= 8.4.9 - Cross-Site Scripting
WPBot = 8.4.9 is vulnerable to stored cross-site scripting via the conversation parameter in the qcldwbchatbotconversationsave AJAX action. The AJAX nonce qcsecretbotnonceval123qc is publicly emitted on every frontend page via wplocalizescript under the ajaxnonce key, making it freely obtainable ...
W3 Total Cache < 2.8.2 - Log File Exposure
The plugin is vulnerable to Information Exposure through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For example, the log file may contain nonce values that can be used in further CSRF...
Video Conferencing with Zoom API < 4.6.6 - Unauthenticated SDK Signature Generation
Zoom WordPress plugin 4.6.6 contains a broken authentication caused by disabled nonce verification in an AJAX handler, letting unauthenticated attackers generate valid Zoom SDK signatures and retrieve the Zoom SDK key. id: CVE-2026-1368 info: name: Video Conferencing with Zoom API 4.6.6 -...
WordPress Contact Form 7 <2.3.4 - Arbitrary Nonce Generation
WordPress Contact Form 7 before version 2.3.4 allows unauthenticated users to use the wpcf7rgetnonce AJAX action to retrieve a valid nonce for any WordPress action/function. id: CVE-2021-24278 info: name: WordPress Contact Form 7 2.3.4 - Arbitrary Nonce Generation author: 2rs3c severity: high...
ARMember < 3.4.8 - Unauthenticated Admin Account Takeover
The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover even the administrator due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username. id:...
Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit - Broken Access Control
The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the installoractivateaddonplugins function and a weak nonce hash in all...
CVE-2026-9734
The W3SC Elementor to Zoho CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the storeInfo function. This makes it possible for unauthenticated attackers to modify the plugin's...
CVE-2026-9734
The CVE-2026-9734 entry concerns the W3SC Elementor to Zoho CRM plugin for WordPress. A CSRF vulnerability exists in all versions up to 2.2.0 due to missing or incorrect nonce validation in the storeInfo function, enabling unauthenticated attackers to alter Zoho CRM integration settings by forgin...
CVE-2026-9734 W3SC Elementor to Zoho CRM <= 2.2.0 - Cross-Site Request Forgery to Settings Update
The W3SC Elementor to Zoho CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the storeInfo function. This makes it possible for unauthenticated attackers to modify the plugin's...
CVE-2026-8616
The Fense Proxy & VPN Blocker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce validation on the fensebpvtsavesettings function in versions up to, and including, 3.0.1. The callback is registered to both wpajax and...
CVE-2026-15395
The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin is affected by CVE-2026-15395: Stored XSS via the digitalSignature field in all versions up to and including 2.4.18, caused by insufficient input sanitization and output escaping. The vulnerability allows unauthenticated attac...
CVE-2026-8616
The CVE-2026-8616 entry concerns the Fense Proxy & VPN Blocker WordPress plugin. Affected versions are up to 3.0.1, where the fense_bpvt_save_settings() AJAX handler lacks a capability check and nonce validation. The callback is registered for both wp_ajax_* and wp_ajax_nopriv_* and unconditional...
CVE-2026-62232
Grav before 2.0.4 contains a two-factor authentication bypass vulnerability in the login plugin where the regenerate2FASecret task checks only user existence, not authorization, during the pending TOTP challenge window. Attackers who know the victim's password can call this task without a CSRF...
CVE-2026-15407
The Themify Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 7.7.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2026-15350
The The Cache Purger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.3.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level...
EUVD-2026-44898
The Loco Translate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.5. This is due to missing or incorrect nonce validation on the execTemplate function. This makes it possible for unauthenticated attackers to execute arbitrary PHP code on...
CVE-2026-15005 Loco Translate <= 2.8.5 - Cross-Site Request Forgery to Remote Code Execution via 'template' Parameter
The Loco Translate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.5. This is due to missing or incorrect nonce validation on the execTemplate function. This makes it possible for unauthenticated attackers to execute arbitrary PHP code on...
CVE-2026-15407
The CVE-2026-15407 entry describes an authorization bypass in Themify Builder for WordPress up to version 7.7.7. The underlying issue is insufficient verification of a user’s authorization for actions performed via the tb_generate_on_fly AJAX action, enabling authenticated users with subscriber-l...
EUVD-2026-44884
The The Cache Purger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.3.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level...