CVE-2026-9234 JTL-Connector for WooCommerce <= 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Settings Modification via Multiple Functions
The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to missing capability checks and nonce verification on the adminpostsettingssavewoo-jtl-connector action handled by JtlConnectorAdmin::save and on the...
WordPress Users manager - PN plugin <= 1.1.15 - Unauthenticated Privilege Escalation via Account Takeover via 'userspn_form_save' AJAX Action vulnerability
WordPress Users manager - PN plugin <= 1.1.15 - Unauthenticated Privilege Escalation via Account Takeover via 'userspn_form_save' AJAX Action vulnerability discovered by BaroHaf - fpt in WordPress Plugin Users manager – PN versions <= 1.1.15...
CVE-2026-1944 CallbackKiller service widget <= 1.2 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Update
The CallbackKiller service widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cbksave function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to modify the plugin's site ID settin...
CVE-2023-53888
Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload files such as JavaScript and rename them to .php via the saveE and rename actions, then execute the...
EUVD-2011-5215
Malware in sbrugna...
EUVD-2022-51407
Malicious code in bioql PyPI...
EUVD-2025-27657
Malicious code in bioql PyPI...
CVE-2025-9634
The Plugin updates blocker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the pub_save action handler. This makes it possible for unauthenticated attackers to disable or enable plug...
CVE-2025-9634
CVE-2025-9634 concerns the WordPress plugin “Plugin updates blocker” (versions up to and including 0.2). The flaw is a CSRF vulnerability caused by missing or incorrect nonce validation on the pub_save action, enabling unauthenticated attackers to toggle plugin updates (disable/enable) by luring ...
CVE-2025-9634 Plugin updates blocker <= 0.2 - Cross-Site Request Forgery
The Plugin updates blocker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the pub_save action handler. This makes it possible for unauthenticated attackers to disable or enable plug...
PT-2025-34822
Name of the Vulnerable Software and Affected Versions: Campcodes Online Loan Management System version 1.0 Description: A weakness has been identified in Campcodes Online Loan Management System 1.0. This impacts an unknown function of the file /ajax.php?action=save payment. Manipulation of the lo...
CVE-2021-4413
The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to save field icons via a...
CVE-2024-11724
The Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker for GDPR, CCPA & ePrivacy plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wplscriptsave AJAX action in all versions up to, and including, 3.6.5...
PT-2024-38162 · Sourcecodester · Sourcecodester Complaint Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Complaints Report Management System version 1.0 Description: A problematic issue has been found in the system, affecting the processing of the file "/admin/ajax.php?action=save settings". The manipulation of the name argument...
PT-2024-20306 · WordPress · User Registration – Custom Registration Form
Name of the Vulnerable Software and Affected Versions: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin versions up to, and including, 3.1.5 Description: The issue is related to a missing capability check on the form save action function, allowing...
WordPress Plugin user-registration security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2024-18716 · WordPress · Foogallery
Name of the Vulnerable Software and Affected Versions: FooGallery plugin for WordPress versions up to and including 2.4.14 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping via the foogallery attachment modal save action...
VvvebJs security vulnerability
VvvebJs is a drag-and-drop website generator for Givan Personal Developers. A security vulnerability exists in VvvebJs prior to version 1.7.7, which stems from the presence of a Reflective Cross-Site Scripting XSS vulnerability that allows remote attackers to execute arbitrary code and obtain...
PT-2024-22843 · Vvvebjs · Vvvebjs
Name of the Vulnerable Software and Affected Versions: VvvebJs versions prior to 1.7.7 Description: A Reflected Cross-Site Scripting XSS issue allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in "save.php". This enables attackers to perfo...
PT-2023-22411 · Unknown · Sentrifugo
Name of the Vulnerable Software and Affected Versions: Sentrifugo version 3.5 Description: The issue allows an authenticated attacker to upload any file without extension filtering through the AssetsController::uploadsaveAction function. Recommendations: For Sentrifugo version 3.5, consider...