CVE-2025-32239 WordPress Social Share Buttons & Analytics Plugin plugin <= 4.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Joao Romao Social Share Buttons & Analytics Plugin – GetSocial.io allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Share Buttons & Analytics Plugin – GetSocial.io: from n/a through 4.5...
CVE-2025-31628 WordPress Sliced Invoices plugin <= 3.10.0 - Insecure Direct Object References (IDOR) vulnerability
Missing Authorization vulnerability in SlicedInvoices Sliced Invoices sliced-invoices allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sliced Invoices: from n/a through <= 3.10.0...
CVE-2025-31878 WordPress UPC/EAN/GTIN Code Generator plugin <= 2.0.2 - Settings Change vulnerability
Missing Authorization vulnerability in Dmitry V. CEO of "UKR Solution" UPC/EAN/GTIN Code Generator upc-ean-barcode-generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects UPC/EAN/GTIN Code Generator: from n/a through <= 2.0.2...
CVE-2025-31848 WordPress WordPress Adverts Plugin plugin <= 1.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPFactory Adverts adverts-click-tracker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Adverts: from n/a through <= 1.4...
CVE-2025-30824 WordPress Textmetrics plugin <= 3.6.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Israpil Textmetrics webtexttool allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Textmetrics: from n/a through <= 3.6.1...
CVE-2025-30605 WordPress sourceplay-navermap plugin <= 0.0.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in ldwin79 sourceplay-navermap sourceplay-navermap allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects sourceplay-navermap: from n/a through <= 0.0.2...
CVE-2024-9847 Cross-Site Request Forgery (CSRF) in flatpressblog/flatpress
The latest version of FlatPress CMS is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow an attacker to enable or disable plugins on behalf of a victim user. The attacker can craft a malicious link or script that, when clicked by an authenticated user, will send a request to the FlatPress...
CVE-2024-13423
CVE-2024-13423 applies to the Sparkling WordPress theme/plugin (affected versions: ≤ 2.4.9). Root cause: missing capability checks in functions sparkle_activate_plugin and sparkle_deactivate_plugin, enabling unauthenticated users to activate/deactivate arbitrary plugins. Impact: unauthorized plug...
CVE-2025-22681 WordPress Content Cloner plugin <= 1.0.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Xfinitysoft Content Cloner super-seo-content-cloner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Content Cloner: from n/a through <= 1.0.1...
CVE-2025-24697 WordPress Image Gallery – Responsive Photo Gallery plugin <= 1.0.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Realwebcare Image Gallery – Responsive Photo Gallery awesome-responsive-photo-gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Gallery – Responsive Photo Gallery: from n/a through <= 1.0.5...
CVE-2024-11641
The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.2. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to change plugi...
CVE-2025-24571 WordPress WP Fast Total Search plugin <= 1.78.258 - Broken Access Control vulnerability
Missing Authorization vulnerability in Epsiloncool WP Fast Total Search fulltext-search allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Fast Total Search: from n/a through <= 1.78.258...
CVE-2025-22729 WordPress VOD Infomaniak plugin <= 1.5.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Infomaniak Staff VOD Infomaniak allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VOD Infomaniak: from n/a through 1.5.9...
CVE-2024-56048
CVE-2024-56048 affects WPLMS (WordPress LMS) up to version 1.9.9. The vulnerability is a Missing Authorization/Unauthenticated Privilege Escalation that allows updating privileged options and accessing restricted functionality, with reported exploitation in multiple disclosures. Several connected...
CVE-2023-32293 WordPress WRC Pricing Tables plugin <= 2.3.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Realwebcare WRC Pricing Tables allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WRC Pricing Tables: from n/a through 2.3.7...
CVE-2024-43297 WordPress Clone plugin <= 2.4.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clone: from n/a through 2.4.5...
PT-2024-39161 · WordPress · Wp Simple Booking Calendar
Name of the Vulnerable Software and Affected Versions: WP Simple Booking Calendar plugin for WordPress versions up to, and including, 2.0.10. Description: The issue is related to Reflected Cross-Site Scripting due to the use of add_query_arg and remove_query_arg without appropriate escaping on the...
CVE-2024-32805 WordPress Social Snap plugin <= 1.3.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Social Snap. This issue affects Social Snap: from n/a through 1.3.5...
VikBooking < 1.6.8 - Insecure Direct Object References
Description: The plugin allows direct access to menus, allowing an authenticated user with subscriber privileges or above to bypass authorization and access plugin settings they shouldn't be allowed to. PoC: https://example.com/wp-admin/admin.php?option=comvikbooking=config...
PT-2024-15871 · WordPress · Innovs Hr Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Innovs HR WordPress plugin versions 1.0.3.4 and earlier. Description: The issue concerns a lack of CSRF checks in some places within the Innovs HR WordPress plugin, which could allow attackers to make logged-in users perform unwanted actions v...