94 matches found
WordPress plugin Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Infility Global plugin <= 2.9.8 - Authenticated (Subscriber+) Missing Authorization to Plugin Options Update vulnerability
Authenticated Subscriber+ Missing Authorization to Plugin Options Update vulnerability discovered by Francesco Carlucci in WordPress Plugin Infility Global versions <= 2.9.8...
CVE-2024-11496
The Infility Global plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the infilityglobalajax function in all versions up to, and including, 2.9.8. This makes it possible for authenticated attackers, with Subscriber-level access and above,...
PT-2025-1662 · WordPress · Infility Global
Name of the Vulnerable Software and Affected Versions: Infility Global plugin for WordPress versions up to, and including, 2.9.8 Description: The issue allows authenticated attackers with Subscriber-level access and above to update plugin options, potentially breaking the site, due to a missing...
CVE-2024-10003
The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3.0.0.2903. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-10003
CVE-2024-10003 (Rover IDX for WordPress) affects Rover IDX plugin, versions up to 3.0.0.2903. Root cause is a missing capability check on multiple functions, enabling authenticated attackers with subscriber-level access or higher to add, modify, or delete plugin options, potentially leading to un...
CVE-2024-9361
The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveconfiguration' function in all versions up to, and including, 2.0.1. This makes it possible for authenticate...
WordPress Bulk images optimizer plugin <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Options Update vulnerability
Missing Authorization to Authenticated Subscriber+ Plugin Options Update vulnerability discovered by Francesco Carlucci in WordPress Plugin Bulk images optimizer versions <= 2.0.1...
PT-2024-39595 · WordPress · Bulk Images Optimizer
Name of the Vulnerable Software and Affected Versions: The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress versions up to, and including, 2.0.1 Description: The issue is related to a missing capability check on the save configuration function, allowing...
CVE-2024-9520
The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.0. This makes it possible for authenticated attackers with subscriber-level permissions or above, ...
CVE-2024-7605
The HelloAsso plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ha_ajax' function in all versions up to, and including, 1.1.10. This makes it possible for authenticated attackers, with Contributor-level access and above, to update...
CVE-2024-7605
CVE-2024-7605 : The WordPress HelloAsso plugin (versions up to 1.1.10) is vulnerable due to a missing capability check on the 'ha_ajax' function, allowing authenticated attackers with Contributor-level access or higher to modify plugin options and disrupt service. The vulnerability affects all ve...
CVE-2024-6751
The Social Auto Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.3.14. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete post meta an...
CVE-2024-6750
The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to add, modify, or delete pos...
CVE-2024-6751
The CVE-2024-6751 entry describes a CSRF vulnerability in the WordPress plugin Social Auto Poster up to version 5.3.14 due to missing/incorrect nonce validation on multiple functions. This allows unauthenticated attackers to add, modify, or delete post meta and plugin options. Multiple connected ...
PT-2024-37847 · WordPress · Social Auto Poster
Name of the Vulnerable Software and Affected Versions: The Social Auto Poster plugin for WordPress versions up to, and including, 5.3.14 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on multiple functions. This allows unauthenticated...
PT-2024-37846 · WordPress · Social Auto Poster
Name of the Vulnerable Software and Affected Versions: Social Auto Poster plugin for WordPress versions up to, and including, 5.3.14 Description: The issue allows unauthorized access, modification, and loss of data due to a missing capability check on multiple functions. This enables...