5 matches found
CVE-2023-2877
The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the...
Exploit for Missing Authorization in Stylemixthemes Motors - Car Dealer, Classifieds & Listing
CVE-2025-2807: Motors Plugin Exploit By: Nxploited | Khal...
CVE-2024-10897
CVE-2024-10897 affects the WordPress plugin Tutor LMS Elementor Addons (versions up to and including 2.1.5). The issue is a missing capability check in install_etlms_dependency_plugin(), enabling authenticated users with Subscriber+ privileges to install Elementor or Tutor LMS. Impact is limited ...
CVE-2023-6985
The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the installplugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with...
PT-2023-16642 · WordPress · Inisev
Name of the Vulnerable Software and Affected Versions: Inisev WordPress plugins (affected versions not specified). Description: The issue allows authenticated attackers with minimal permissions to install select plugins due to a missing capability check on the handle installation function. This...