CVE-2026-6897

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\TeamAccounts::savesettings' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

CVE-2024-46377

Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the savesettings function of the file rental/adminclass.php...

CVE-2023-3408

CVE-2023-3408 affects the Bricks theme for WordPress. The vulnerability is a CSRF flaw caused by missing/incorrect nonce validation in the save_settings function, allowing unauthenticated attackers to modify theme settings. This could enable a setting that lets low-privileged users (e.g., contrib...

CVE-2024-3287

The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to unauthorized ld+json description injection due to a missing capability check on the savesettings function in all versions up to, and including, 3.10.2. This makes it possible for unauthenticate...