35 matches found
PublishPress Capabilities < 2.3.1 - Missing Authorization
The PublishPress Capabilities plugin for WordPress before 2.3.1 does not have proper authorization and CSRF checks when updating settings via the init hook, allowing unauthenticated attackers to update arbitrary blog options, such as setting the default role to administrator. id: CVE-2021-25032...
CVE-2026-32394
Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Capabilities: from n/a through = 2.31.0...
EUVD-2026-11907
Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Capabilities: from n/a through = 2.31.0...
CVE-2026-32394
Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Capabilities: from n/a through = 2.31.0...
CVE-2026-32394 WordPress PublishPress Capabilities plugin <= 2.31.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Capabilities: from n/a through = 2.31.0...
CVE-2026-32394 WordPress PublishPress Capabilities plugin <= 2.31.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Capabilities: from n/a through = 2.31.0...
CVE-2026-32394
The CVE-2026-32394 entry concerns the WordPress PublishPress Capabilities plugin (capability-manager-enhanced) with a Broken Access Control/Missing Authorization issue. Affected component: PublishPress Capabilities, versions up to and including 2.31.0. Root cause: incorrectly configured access co...
CVE-2026-32394
Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Capabilities: from n/a through = 2.31.0...
WordPress plugin PublishPress Capabilities 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-25240
Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Capabilities: from n/a through = 2.31.0...
EUVD-2022-42746
Malicious code in bioql PyPI...
CVE-2022-3366
The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation i...
WordPress PublishPress Capabilities Plugin < 2.5.2 PHP Objection Injection Vulnerability
The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
CVE-2022-3366
The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation i...
CVE-2022-3366
The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation i...
Design/Logic Flaw
The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation i...
CVE-2022-3366 PublishPress Capabilities < 2.5.2 - Admin+ PHP Objection Injection
The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation i...
WordPress plugin PublishPress Capabilities 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...
CVE-2022-3366 PublishPress Capabilities < 2.5.2 - Admin+ PHP Objection Injection
The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation i...
PT-2022-21796 · Publishpress · Publishpress Capabilities Pro
Name of the Vulnerable Software and Affected Versions: PublishPress Capabilities WordPress plugin versions prior to 2.5.2 PublishPress Capabilities Pro WordPress plugin versions prior to 2.5.2 Description: The issue allows PHP object injection attacks by administrators on multisite WordPress...