3 matches found
EUVD-2026-42567
The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.19. This is due to the plugin registering the easyinvoiceacceptquote and easyinvoicedeclinequote AJAX actions via wpajaxnopriv hooks and relying solely on a quote-scoped nonce that i...
PT-2026-26069
The Post SMTP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle office365 oauth redirect function in all versions up to, and including, 3.8.0. This is due to the function being hooked to admin init without any current user can...
pro-option.proiwebsites.com Cross Site Scripting vulnerability OBB-1420246
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...