16 matches found
CVE-2026-9234 JTL-Connector for WooCommerce <= 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Settings Modification via Multiple Functions
The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to missing capability checks and nonce verification on the adminpostsettingssavewoo-jtl-connector action handled by JtlConnectorAdmin::save and on the...
PT-2026-45711
The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to missing capability checks and nonce verification on the admin post settings save woo-jtl-connector action handled by JtlConnectorAdmin::save and on...
EUVD-2026-12742
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpgmza_custom_js’ parameter in all versions up to, and including, 10.0.05 due to insufficient input sanitization and output escaping and missing capability check in the...
CVE-2026-4268
The CVE relates to WP Go Maps (formerly WP Google Maps) WordPress plugin. All versions up to 10.0.05 are affected by a Stored Cross-Site Scripting vulnerability via the wpgmza_custom_js parameter, caused by insufficient input sanitization/output escaping and a missing capability check in the admi...
WordPress Eventin plugin <= 4.0.51 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via 'post_settings' vulnerability
Missing Authorization to Unauthenticated Stored Cross-Site Scripting via 'post_settings' vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin Eventin versions <= 4.0.51...
CVE-2025-14657 Eventin – Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered) <= 4.0.51 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via 'post_settings'
The Eventin – Event Manager, Events Calendar, Event Tickets and Registrations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'post_settings' function in all versions up to, and including, 4.0.51. This makes it possible for...
CVE-2024-2234
The Himer WordPress theme before 2.1.1 does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks...
PT-2024-19350 · WordPress · Himer
Name of the Vulnerable Software and Affected Versions: Himer WordPress theme versions prior to 2.1.1 Description: The issue concerns the lack of sanitization and escaping of certain Post settings, potentially allowing high-privilege users, such as Contributors, to perform Stored Cross-Site...
CVE-2024-4899
The SEOPress WordPress plugin before 7.8 does not sanitise and escape some of its Post settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...
CVE-2024-4899 SEOPress < 7.8 - Contributor+ Stored XSS
The SEOPress WordPress plugin before 7.8 does not sanitise and escape some of its Post settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...
CVE-2024-4900
The vulnerability CVE-2024-4900 affects the SEOPress WordPress plugin and is described as an Open Redirect resulting from failing to validate/escape a Post setting in versions before 7.8. Public records (NVD/NVD-derived entries and Red Hat) confirm the issue's basic description and attribution to...
PT-2024-33319 · WordPress · Seopress
Name of the Vulnerable Software and Affected Versions: SEOPress WordPress plugin versions prior to 7.8 Description: The issue concerns a lack of validation and escaping in one of the Post settings of the SEOPress WordPress plugin. This could allow users with a contributor or higher role to perfor...
PT-2024-33318 · WordPress · Seopress
Name of the Vulnerable Software and Affected Versions: SEOPress WordPress plugin versions prior to 7.8 Description: The issue concerns the SEOPress WordPress plugin, where certain Post settings are not properly sanitized and escaped, potentially allowing high-privilege users, such as contributors...
WordPress plugin SEOPress security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...