3 matches found
CVE-2026-8617
The CVE concerns the WordPress SearchPlus plugin (versions up to and including 1.7.1). The vulnerability arises from a missing capability check and missing nonce validation in two AJAX callback functions, searchplus_save_token_action_callback() and searchplus_reset_token_action_callback(), which ...
EUVD-2026-38674
The SearchPlus plugin for WordPress is vulnerable to unauthorized modification and deletion of data in versions up to, and including, 1.7.1. This is due to a missing capability check and missing nonce validation on the searchplussavetokenactioncallback and searchplusresettokenactioncallback...
WordPress SearchPlus plugin <= 1.7.1 - Missing Authorization to Unauthenticated Settings Modification and Deletion vulnerability
Missing Authorization to Unauthenticated Settings Modification and Deletion vulnerability discovered by Legion Hunter in WordPress Plugin SearchPlus versions = 1.7.1...