CVE-2026-12407

The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.32.26. This is due to the screenaction function lacking a dedicated capability check and nonce verification — when invoked via the ?action=screen routing path...

CVE-2026-3596

The Riaxe Product Customizer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.2. The plugin registers an unauthenticated AJAX action 'wpajaxnoprivinstall-imprint' that maps to the inkpdaddoption function. This function reads 'option' and...

CVE-2026-1753

The Gutena Forms WordPress plugin before 1.6.1 does not validate option to be updated, which could allow contributors and above role to update arbitrary boolean and array options such as userscanregister...

EUVD-2015-9317

Malware in sbrugna...

EUVD-2015-9314

Malware in sbrugna...

EUVD-2015-9315

Malware in sbrugna...

EUVD-2015-9316

Malware in sbrugna...

EUVD-2021-34630

Malicious code in bioql PyPI...

EUVD-2024-16652

Malicious code in bioql PyPI...

CVE-2023-6700

The Cookie Information | Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler in versions up to, and including, 2.0.22. This makes it possible for authenticated attackers, with subscriber-level acce...

CVE-2015-9475

The Pont theme 1.5 for WordPress has insufficient restrictions on option updates...

CVE-2015-9474

The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates...

CVE-2015-9477

The Vernissage theme 1.2.8 for WordPress has insufficient restrictions on option updates...

CVE-2015-9476

The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates...

CVE-2025-2907

The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore it also lacks proper checks to only update options relevant to the Order Delivery Date WordPress plugin before 12.3.1. This leads to attackers being able to modi...

CVE-2025-2111

The Insert Headers And Footers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on the 'custompluginsetoption' function. This makes it possible for unauthenticated attackers to update...

WordPress Cardealer theme <= 1.6.4 - Arbitrary Theme Option Update to Authenticated (Subscriber+) Privilege Escalation vulnerability

Arbitrary Theme Option Update to Authenticated Subscriber+ Privilege Escalation vulnerability discovered by István Márton in WordPress Theme Car Dealer versions = 1.6.4...

WordPress plugin ConvertPlus 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress plugin Apus Framework 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin ZoxPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...