2 matches found
CVE-2026-8682 3D Viewer <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification via settings REST endpoint
The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
PT-2026-1746
Name of the Vulnerable Software and Affected Versions weDocs plugin for WordPress versions prior to 2.1.16 Description The weDocs plugin for WordPress is susceptible to sensitive information disclosure. Unauthenticated attackers can extract sensitive data, including API keys for third-party...