94 matches found
CVE-2025-13529
CVE-2025-13529 affects the Unify WordPress plugin (up to version 3.4.9), with an unauthorized data modification vulnerability caused by a missing capability check on the init action. Wordfence’s vulnerability report confirms the issue as Missing Authorization to Unauthenticated Option Deletion vi...
WordPress plugin Quote Comments security vulnerability
...
CVE-2025-14447
The AnnunciFunebri Impresa plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the annfuresetoptions function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and...
PT-2025-51074
The AnnunciFunebri Impresa plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the annfu reset options function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access an...
EUVD-2025-36900
The Translate WordPress and go Multilingual – Weglot plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cleanoptions' function in all versions up to, and including, 5.1. This makes it possible for unauthenticated attackers to delete limited...
WordPress plugin WP VR security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
CVE-2025-12005 WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress <= 8.5.41 - Improper Authorization to Authenticated (Contributor+) Plugin Settings Update
The WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress plugin for WordPress is vulnerable to unauthorized access of data in all versions up to, and including, 8.5.41. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...
EUVD-2023-23320
Malicious code in bioql PyPI...
EUVD-2023-58723
Malicious code in bioql PyPI...
EUVD-2025-27634
Malicious code in bioql PyPI...
CVE-2025-9627
The Run Log plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.10. This is due to missing or incorrect nonce validation on the oirlpluginoptions function. This makes it possible for unauthenticated attackers to modify plugin settings includi...
CVE-2025-9633 LH Signing <= 2.83 - Cross-Site Request Forgery
The LH Signing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.83. This is due to missing or incorrect nonce validation on the pluginoptions function. This makes it possible for unauthenticated attackers to modify plugin settings via a forg...
CVE-2025-9633
CVE-2025-9633: LH Signing WordPress plugin vulnerabilities exist in all versions up to 2.83 due to missing or incorrect nonce validation in the plugin_options function, enabling CSRF. This allows unauthenticated attackers to modify plugin settings by inducing an admin action (e.g., clicking a for...
WordPress plugin Run Log cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
PT-2025-37151
The LH Signing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.83. This is due to missing or incorrect nonce validation on the plugin options function. This makes it possible for unauthenticated attackers to modify plugin settings via a...
CVE-2024-6175
The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the multiple functions called via AJAX like savefieldssettings, bupdeleteuseravatar, bupcropavataruserprofileimage, and more in a...
CVE-2024-0790
The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8.1. This is due to missing or incorrect nonce validation on the wpbecreatenewterm, wpbeupdatetaxterm, and wpbedeletetaxterm...
CVE-2024-11496
The Infility Global plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the infilityglobalajax function in all versions up to, and including, 2.9.8. This makes it possible for authenticated attackers, with Subscriber-level access and above,...
CVE-2023-6492
The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'adminnotices' hook found in class-settings.php. This makes it possible...
CVE-2023-1028
The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the setIgnore function. This makes it possible for unauthenticated attackers to update plugin options via a forged...