11 matches found
CVE-2026-2626
The divi-booster WordPress plugin before 5.0.2 does not have authorization and CSRF checks in one of its fixing functions, allowing unauthenticated users to modify stored plugin options. Furthermore, due to the use of unserialize on the data, this could be furth...
CVE-2025-13342
The CVE-2025-13342 flaw affects the Frontend Admin by DynamiApps WordPress plugin (versions up to and including 3.28.20). Root cause: ActionOptions::run() save handler lacks proper capability checks and input validation, allowing unauthenticated users to modify WordPress options (e.g., users_can_...
EUVD-2021-11564
Malware in sbrugna...
EUVD-2022-24543
Malicious code in bioql PyPI...
CVE-2024-13368
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the youzifyofferbanner function in all versions up to, and including, 1.3.4. This makes it possible for...
CVE-2024-12920 FoodBakery | Delivery Restaurant Directory WordPress Theme <= 4.7 - Missing Authorization in Multiple Functions
The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the foodbakeryvarbackupfiledelete, foodbakerywidgetfiledelete, themeoptionsave, exportwidgetsettings,...
CVE-2024-13643
CVE-2024-13643 relates to the Zox News – Pro WordPress Theme plugin (WordPress) with versions up to 3.17.0. The root cause, per Wordfence and related sources, is missing authorization checks in backup_options() and reset_options(), allowing authenticated users with Subscriber-level access and abo...
WordPress Zox News plugin <= 3.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Modification vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Modification vulnerability discovered by Lucio Sá in WordPress Theme Zox News versions <= 3.17.0...
CVE-2024-6750
The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to add, modify, or delete pos...
GHSA-5PXR-7M4J-JJC6 Cross-site scripting (XSS) vulnerability in Description metadata
Summary: Regardless of the role or privileges, no user should be able to inject malicious JavaScript (JS) scripts into the body HTML. An XSS (Cross-Site Scripting) vulnerability, specifically a Stored XSS, affects all pages of the website. Once the JS script is embedded in the body HTML, the XSS...
CVE-2016-6893
Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account...