CVE-2026-1860

The Kali Forms WordPress plugin (versions

CVE-2026-1054 RegistrationMagic <= 6.0.7.4 - Missing Authorization to Unauthenticated Arbitrary Settings Modification

The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rmsetotp AJAX action handler. This makes it possible for unauthenticated attackers to modify arbitrar...

EUVD-2026-4918

The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rmsetotp AJAX action handler. This makes it possible for unauthenticated attackers to modify arbitrar...

CVE-2026-1054

The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rmsetotp AJAX action handler. This makes it possible for unauthenticated attackers to modify arbitrar...

PT-2026-5078

The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rm set otp AJAX action handler. This makes it possible for unauthenticated attackers to modify...

CVE-2025-10732

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.12.1. This is due to improper access control implementation on the '/wp-json/sureforms/v1/srfm-global-settings' REST API endpoint...

EUVD-2025-34138

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.12.1. This is due to improper access control implementation on the '/wp-json/sureforms/v1/srfm-global-settings' REST API endpoint...

CVE-2024-5541

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ibtanavisualeditorregisterajaxjsonendpont' function in all versions up to, and including, 1.2.3.3. This makes it possible for unauthenticated...

CVE-2024-5541

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ibtanavisualeditorregisterajaxjsonendpont' function in all versions up to, and including, 1.2.3.3. This makes it possible for unauthenticated...

PT-2024-36514 · WordPress · Ibtana

Name of the Vulnerable Software and Affected Versions: Ibtana – WordPress Website Builder plugin versions up to, and including, 1.2.3.3 Description: The issue allows unauthorized modification of data due to a missing capability check on the ibtana visual editor register ajax json endpont function...

Design/Logic Flaw

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saswpreviewsformrender' function in all versions up to, and including, 1.26. This makes it possible for authenticated attackers, with...

PT-2024-15142 · WordPress · Getwid

Name of the Vulnerable Software and Affected Versions: Getwid – Gutenberg Blocks plugin for WordPress versions prior to 2.0.4 Description: The issue allows unauthorized modification of data due to a missing capability check on the recaptcha api key manage function. This makes it possible for...