Uncanny Automator <= 6.3.0.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

The Uncanny Automator - Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.0.2. This is due to addrole and userrole functions missing proper capability checks performed through the...

EUVD-2024-54002

Malicious code in bioql PyPI...

WordPress plugin Reveal Listing 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. WordPress Reveal Listing suffers from an elevation of privilege vulnerability that stems from allowing users to set roles, which can be exploited by an attacker to tamper...

CVE-2025-4474

The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fedadminsettingformfunction function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the...

CVE-2025-4474

The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fedadminsettingformfunction function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the...

CVE-2025-4474

CVE-2025-4474 affects the WordPress Frontend Dashboard plugin (versions 1.0–2.2.7). A missing capability check in fed_admin_setting_form_function() allows authenticated users with Subscriber+ to overwrite the plugin’s register role, elevating privileges to administrator. Public references in Word...

CVE-2024-12281

The Homey theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.2. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by...

CVE-2024-11951

The Homey Login Register plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.0. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated...