52 matches found
CVE-2026-1753
The Gutena Forms WordPress plugin before 1.6.1 does not validate the option to be updated, which could allow users with the contributor role and above to update arbitrary boolean and array options such as users_can_register...
EUVD-2015-9314
Malware in sbrugna...
EUVD-2015-9317
Malware in sbrugna...
EUVD-2015-9315
Malware in sbrugna...
EUVD-2015-9316
Malware in sbrugna...
EUVD-2021-34630
Malicious code in bioql PyPI...
EUVD-2024-16652
Malicious code in bioql PyPI...
CVE-2023-6700
The Cookie Information | Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler in versions up to, and including, 2.0.22. This makes it possible for authenticated attackers, with subscriber-level acce...
CVE-2015-9475
The Pont theme 1.5 for WordPress has insufficient restrictions on option updates...
CVE-2015-9474
The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates...
CVE-2015-9477
The Vernissage theme 1.2.8 for WordPress has insufficient restrictions on option updates...
CVE-2015-9476
The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates...
CVE-2025-2907
The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore it also lacks proper checks to only update options relevant to the Order Delivery Date WordPress plugin before 12.3.1. This leads to attackers being able to modi...
CVE-2025-2111
The Insert Headers And Footers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on the 'custompluginsetoption' function. This makes it possible for unauthenticated attackers to update...
WordPress Cardealer theme <= 1.6.4 - Arbitrary Theme Option Update to Authenticated (Subscriber+) Privilege Escalation vulnerability
Arbitrary Theme Option Update to Authenticated Subscriber+ Privilege Escalation vulnerability discovered by István Márton in WordPress Theme Car Dealer versions <= 1.6.4...
WordPress plugin Apus Framework security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin ConvertPlus security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress plugin ZoxPress security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2024-4898
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site ...
CVE-2024-13370 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update (save_addon_key_license)
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the save_addon_key_license function in all versions up to, and including, 1.3.2. This makes it possible fo...