49 matches found
WordPress Social Streams plugin <= 1.2.1 - Authenticated (Subscriber+) Privilege Escalation vulnerability
Authenticated (Subscriber+) Privilege Escalation vulnerability discovered by Thanh Nam Tran in WordPress Plugin Social Streams versions <= 1.0.1...
WordPress Click & Pledge Connect plugin <= 25.04010101-WP6.8 - Privilege Escalation via SQL Injection vulnerability
Privilege Escalation via SQL Injection vulnerability discovered by astra.r3verii in WordPress Plugin Click & Pledge Connect versions <= 25.04010101-WP6.8...
CVE-2025-32281 WordPress DarkMySite plugin <= 1.2.8 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in DarkMySite DarkMySite darkmysite allows Cross Site Request Forgery. This issue affects DarkMySite: from n/a through <= 1.2.8...
CVE-2025-22829
Affected software: Apache CloudStack with the Quota plugin (version 4.20.0.0). Issue: Improper privilege management logic lets an authenticated user with access to specific APIs enable/disable quota‑related emails and list quota configurations for any account in environments where the plugin is e...
WordPress WP Email Debug plugin 1.0-1.1.0 - Missing Authorization to Unauthenticated Privilege Escalation via Password Reset vulnerability
Missing Authorization to Unauthenticated Privilege Escalation via Password Reset vulnerability discovered by kr0d in WordPress Plugin WP Email Debug versions 1.0-1.1.0...
WordPress HyperComments plugin <= 1.2.2 - Unauthenticated Arbitrary Options Update vulnerability
Unauthenticated Arbitrary Options Update vulnerability discovered by WordFence in WordPress Plugin HyperComments versions <= 1.2.2...
CVE-2025-4631
The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the stocktendobject endpoint in versions 2.0.6.0 to 2.1.1.3. This makes it possible to trigger the saveobjectasuser function for objects whose 'datatype' is set to 'users'. This allows...
WordPress MaxiBlocks plugin <= 2.1.0 - Arbitrary Option Update to Privilege Escalation vulnerability
Arbitrary Option Update to Privilege Escalation vulnerability discovered by Aiden Thái An in WordPress Plugin MaxiBlocks versions <= 2.1.0...
WordPress WPCHURCH plugin <= 2.7.0 - Privilege Escalation Vulnerability
Privilege Escalation Vulnerability discovered by Phúc ton luoi in WordPress Plugin WPCHURCH versions <= 2.7.0...
CVE-2021-29439
The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with the permission admin.login can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary code execution primitiv...
WordPress Frontend Dashboard 1.0-2.2.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin Frontend Dashboard versions 1.0-2.2.7...
WordPress Lead Form Data Collection to CRM plugin <= 3.1 - Arbitrary Option Update to Privilege Escalation vulnerability
Arbitrary Option Update to Privilege Escalation vulnerability discovered by LVT-tholv2k in WordPress Plugin Lead Form Data Collection to CRM versions <= 3.1...
WordPress IMITHEMES Listing plugin <= 3.3 - Unauthenticated Privilege Escalation via Unverified Password Reset vulnerability
Unauthenticated Privilege Escalation via Unverified Password Reset vulnerability discovered by Alyudin Nafiie in WordPress Plugin IMITHEMES Listing versions <= 3.3...
WordPress SureTriggers <= 1.0.82 - Privilege Escalation Vulnerability
Privilege Escalation Vulnerability discovered by Denver Jackson (Patchstack Alliance) in WordPress Plugin OttoKit versions <= 1.0.82...
CVE-2024-58250
The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges...
WordPress Quentn WP plugin <= 1.2.8 - Privilege Escalation Vulnerability
Privilege Escalation Vulnerability discovered by Le Ngoc Anh in WordPress Plugin Quentn WP versions <= 1.2.8...
WordPress WP User Profiles plugin <= 2.6.2 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by astra.r3verii (Patchstack Alliance) in WordPress Plugin WP User Profiles versions <= 2.6.2...
CVE-2025-30772 WordPress WPC Smart Upsell Funnel for WooCommerce plugin <= 3.0.4 - Arbitrary Option Update to Privilege Escalation vulnerability
Missing Authorization vulnerability in WPClever WPC Smart Upsell Funnel for WooCommerce wpc-smart-upsell-funnel allows Privilege Escalation. This issue affects WPC Smart Upsell Funnel for WooCommerce: from n/a through <= 3.0.4...
CVE-2024-56040 WordPress VibeBP plugin <= 1.9.9.4.1 - Unauthenticated Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in VibeThemes VibeBP allows Privilege Escalation. This issue affects VibeBP: from n/a through 1.9.9.4.1...
CVE-2024-10589 Leopard <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the importsettings function in all versions up to, and including, 3.1.1. This makes it possible for authenticate...