12 matches found
CVE-2025-13558 Blog2Social <= 8.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Trashing
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'deleteUserCcDraftPost' function in all versions up to, and including, 8.7.0. This makes it possible for authenticated attackers, wi...
CVE-2025-11734 Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links <= 1.2.5 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Trashing
The Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization in all versions up to, and including, 1.2.5. This is due to the plugin registering a REST API endpoint that only...
WordPress Broken Link Checker by AIOSEO plugin <= 1.2.5 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Trashing vulnerability
Missing Authorization to Authenticated Contributor+ Arbitrary Post Trashing vulnerability discovered by Lucas Montes Nirox in WordPress Plugin Broken Link Checker versions <= 1.2.5...
EUVD-2025-6718
Malicious code in bioql PyPI...
CVE-2025-2290
The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to Unauthenticated Post Trashing due to a missing capability check on the delete_access_plan function and the related AJAX calls in all versions up to, and including, 8.0.1. This makes it possible for...
CVE-2025-2290
The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to Unauthenticated Post Trashing due to a missing capability check on the delete_access_plan function and the related AJAX calls in all versions up to, and including, 8.0.1. This makes it possible for...
CVE-2025-2290
The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to Unauthenticated Post Trashing due to a missing capability check on the delete_access_plan function and the related AJAX calls in all versions up to, and including, 8.0.1. This makes it possible for...
CVE-2025-2290
CVE-2025-2290 affects the LifterLMS WordPress plugin (versions up to and including 8.0.1). The issue is an unauthenticated post trashing vulnerability caused by a missing capability check in the delete_access_plan function and related AJAX handlers. Impact per sources is that an unauthenticated a...
CVE-2025-2290 LifterLMS <= 8.0.1 - Missing Authorization to Unauthenticated Post Trashing
The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to Unauthenticated Post Trashing due to a missing capability check on the delete_access_plan function and the related AJAX calls in all versions up to, and including, 8.0.1. This makes it possible for...
CVE-2025-2290 LifterLMS <= 8.0.1 - Missing Authorization to Unauthenticated Post Trashing
The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to Unauthenticated Post Trashing due to a missing capability check on the delete_access_plan function and the related AJAX calls in all versions up to, and including, 8.0.1. This makes it possible for...
PT-2025-11658 · WordPress · Lifterlms
Name of the Vulnerable Software and Affected Versions: LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress versions up to, and including, 8.0.1 Description: The issue is related to Unauthenticated Post Trashing due to a missing capability check on the delete access pl...
WordPress LifterLMS plugin <= 8.0.1 - Missing Authorization to Unauthenticated Post Trashing vulnerability
Missing Authorization to Unauthenticated Post Trashing vulnerability discovered by mikemyers in WordPress Plugin LifterLMS versions <= 8.0.1...