24 matches found
CVE-2025-14447 AnnunciFunebri Impresa <= 4.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Options Deletion
The AnnunciFunebri Impresa plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the annfuresetoptions function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and...
WordPress AnnunciFunebri Impresa plugin <= 4.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Options Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary plugin Options Deletion vulnerability discovered by Legion Hunter in WordPress Plugin AnnunciFunebri Impresa versions <= 4.7.0...
EUVD-2024-17666
Malicious code in bioql PyPI...
EUVD-2022-43327
Malicious code in bioql PyPI...
EUVD-2024-16223
Malicious code in bioql PyPI...
CVE-2022-2382
The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lacks authorisation in some of its AJAX actions, allowing any authenticated user, such as a subscriber, to call them. One in particular could allow them to delete arbitrary blog options...
CVE-2025-39352 WordPress Grand Restaurant WordPress theme <= 7.0 - Arbitrary Options Deletion vulnerability
Missing Authorization vulnerability in ThemeGoods Grand Restaurant WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grand Restaurant WordPress: from n/a through 7.0...
CVE-2025-39352 WordPress Grand Restaurant WordPress theme <= 7.0 - Arbitrary Options Deletion vulnerability
Missing Authorization vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grand Restaurant: from n/a through <= 7.0...
WordPress Grand Restaurant WordPress theme <= 7.0 - Arbitrary Options Deletion vulnerability
Arbitrary Options Deletion vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Grand Restaurant versions <= 7.0...
WordPress ZoxPress theme <= 2.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Options Deletion vulnerability discovered by Lucio Sá in WordPress Theme ZoxPress versions <= 2.12.0...
CVE-2024-13643
CVE-2024-13643 relates to the Zox News – Pro WordPress Theme plugin (WordPress) with versions up to 3.17.0. The root cause, per Wordfence and related sources, is missing authorization checks in backup_options() and reset_options(), allowing authenticated users with Subscriber-level access and abo...
WordPress Pearl plugin <= 1.3.7 - Missing Authorization to Unauthenticated Arbitrary Site Options Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary Site Options Deletion vulnerability discovered by Lucio Sá in WordPress Plugin Pearl versions <= 1.3.7...
PT-2024-18440 · WordPress · Arforms Form Builder
Name of the Vulnerable Software and Affected Versions: ARForms Form Builder plugin for WordPress versions up to, and including, 1.6.4. Description: The issue is related to a missing capability check on the arflite remove preview data function, allowing authenticated attackers with subscriber acces...
EUVD-2023-57859
The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service...
PT-2023-32175
Name of the Vulnerable Software and Affected Versions: 10Web Booster WordPress plugin versions prior to 2.24.18. Description: The issue allows unauthenticated users to delete arbitrary options from the database, leading to denial of service, due to the lack of validation of the option name given to...
CVE-2022-3999 WooCommerce Shipping - DPD baltic < 1.2.57 - Subscriber+ Arbitrary Options Deletion
The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF checks in an AJAX action, which could allow any authenticated user, such as a subscriber, to delete arbitrary options from the blog, which could make the blog unavailable...
WooCommerce Shipping - DPD baltic < 1.2.57 - Subscriber+ Arbitrary Options Deletion
The plugin does not have authorisation and CSRF checks in an AJAX action, which could allow any authenticated user, such as a subscriber, to delete arbitrary options from the blog, which could make the blog unavailable. Run the below command in the developer console of the web browser while being on the...
WooCommerce Shipping - DPD baltic < 1.2.57 - Subscriber+ Arbitrary Options Deletion
The plugin does not have authorisation and CSRF checks in an AJAX action, which could allow any authenticated user, such as a subscriber, to delete arbitrary options from the blog, which could make the blog unavailable. PoC: Run the below command in the developer console of the web browser while being on t...
CVE-2022-2382 Product Slider for WooCommerce < 2.5.7 - Subscriber+ Arbitrary Options Deletion
The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lacks authorisation in some of its AJAX actions, allowing any authenticated user, such as a subscriber, to call them. One in particular could allow them to delete arbitrary blog options...
Product Slider for WooCommerce < 2.5.7 - Subscriber+ Arbitrary Options Deletion
The plugin has flawed CSRF checks and lacks authorisation in some of its AJAX actions, allowing any authenticated user, such as a subscriber, to call them. One in particular could allow them to delete arbitrary blog options. fetch"/wp-admin/admin-ajax.php", "headers": "content-type":...