
31 matches found

Cvelist
added 2026/05/12 7:48 a.m. | 31 views

CVE-2026-7616 Zawgyi Embed <= 2.1.1 - Cross-Site Request Forgery via 'zawgyi_forceCSS' Parameter

The Zawgyi Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the zawgyiadminpage function. This makes it possible for unauthenticated attackers to update the plugin's...

CVSS 4.3 | EPSS 0.00014
Exploits: 0 | References: 5

Cvelist
added 2026/04/21 5:9 p.m. | 27 views

CVE-2026-41191 FreeScout's signature only mailbox permission allows unauthorized mailbox chat setting changes

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, MailboxesController::updateSave persists chatstartnew outside the allowed-field filter. A user with only the mailbox sig permission sees only the signature field in the UI, but can still change the hidden...

CVSS 7.1 | EPSS 0.00032
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-40663

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 5.1 | EPSS 0.00293
Exploits: 0 | References: 2

CNNVD
added 2025/07/01 12:0 a.m. | 3 views

Pilz IndustrialPI code issue vulnerability

Pilz IndustrialPI is a gateway for the Industrial Internet of Things from Pilz Individual Developers in Germany. A code issue vulnerability exists in Pilz IndustrialPI that stems from an unauthenticated login bypass resulting in a setting change...

CVSS 9.8 | AI score 7.1 | EPSS 0.00421
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 9:58 a.m. | 3 views

CVE-2024-27900

Due to missing authorization check, attacker with business user account in SAP ABAP Platform - version 758, 795, can change the privacy setting of job templates from shared to private. As a result, the selected template would only be accessible to the owner...

CVSS 5.3 | AI score 6.8 | EPSS 0.00159
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 8:1 a.m. | 7 views

CVE-2024-6856

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVSS 6.5 | AI score 6.7 | EPSS 0.00191
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 8:49 p.m. | 1 views

CVE-2021-4371

The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Setting Changes in versions up to, and including, 5.5. This is due to lacking both a security nonce and a capabilities check. This makes it possible for low-authenticated attackers to change plugin settings even when they do not ha...

CVSS 4.3 | AI score 5.9 | EPSS 0.00092
Exploits: 1 | References: 1

CNNVD
added 2024/09/12 12:0 a.m. | 1 views

WordPress plugin ILC Thickbox security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.5 | AI score 6.6 | EPSS 0.00123
Exploits: 1 | References: 2

OSV
added 2024/03/08 2:15 a.m. | 1 views

CVE-2024-2277

A vulnerability was found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Setting/changepasswordsave of the component Password Reset Handler. The manipulation leads to cross-site...

CVSS 4.3 | AI score 4.6
Exploits: 0 | References: 3

Prion
added 2024/01/16 4:15 p.m. | 12 views

Command injection

The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated users, such as subscriber to update and change various settings...

CVSS 4 | AI score 6.9 | EPSS 0.00116
Exploits: 2 | References: 2 | Affected Software: 1

NVD
added 2022/09/09 3:15 p.m. | 8 views

CVE-2022-38058

Authenticated subscriber+ Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at WordPress...

CVSS 4.3 | EPSS 0.00293
Exploits: 0 | References: 2

Prion
added 2022/09/09 3:15 p.m. | 11 views

Command injection

Authenticated subscriber+ Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at WordPress...

CVSS 4 | AI score 4.7 | EPSS 0.00293
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2022/09/09 2:39 p.m. | 13 views

CVE-2022-38058 WordPress WP Shamsi plugin <= 4.1.1 - Authenticated Plugin Setting change vulnerability

Authenticated subscriber+ Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at WordPress...

CVSS 4.3 | AI score 5 | EPSS 0.00293
Exploits: 0 | References: 2

Vulnrichment
added 2022/09/09 2:39 p.m. | 7 views

CVE-2022-38058 WordPress WP Shamsi plugin <= 4.1.1 - Authenticated Plugin Setting change vulnerability

Authenticated subscriber+ Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at WordPress...

CVSS 4.3 | AI score 4.6 | EPSS 0.00293
Exploits: 0 | References: 2

Patchstack
added 2022/09/05 12:0 a.m. | 20 views

WordPress WP Shamsi plugin <= 4.1.1 - Authenticated Plugin Setting change vulnerability

Authenticated Plugin Setting change vulnerability was discovered by Muhammad Daffa (Patchstack Alliance) in the WordPress WP Shamsi plugin versions <= 4.1.1. Solution: Update the WordPress WP Shamsi plugin to the latest available version (at least 4.2.0)...

CVSS 4.3 | AI score 3.4 | EPSS 0.00293
Exploits: 0 | Affected Software: 1

Patchstack
added 2021/09/20 12:0 a.m. | 20 views

WordPress Essential Widgets plugin <= 1.8 - Unauthorized Plugin Setting Change vulnerability

Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Essential Widgets plugin versions <= 1.8. Solution: Update the WordPress Essential Widgets plugin to the latest available version (at least 1.9)...

CVSS 5.7 | AI score 3.5 | EPSS 0.00172
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2021/09/20 12:0 a.m. | 11 views

WordPress Catch Gallery plugin <= 1.6.8 - Unauthorized Plugin Setting Change vulnerability

Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Catch Gallery plugin versions <= 1.6.8. Solution: Update the WordPress Catch Gallery plugin to the latest available version (at least 1.7)...

CVSS 5.7 | AI score 2.9 | EPSS 0.00172
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2021/09/20 12:0 a.m. | 16 views

WordPress Essential Content Types plugin <= 1.8.6 - Unauthorized Plugin Setting Change vulnerability

Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Essential Content Types plugin versions <= 1.8.6. Solution: Update the WordPress Essential Content Types plugin to the latest available version (at least 1.9)...

CVSS 5.7 | AI score 3.5 | EPSS 0.00172
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2021/09/20 12:0 a.m. | 19 views

WordPress To Top plugin <= 2.2.2 - Unauthorized Plugin Setting Change vulnerability

Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress To Top plugin versions <= 2.2.2. Solution: Update the WordPress To Top plugin to the latest available version (at least 2.3)...

CVSS 5.7 | AI score 2.5 | EPSS 0.00172
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2021/09/20 12:0 a.m. | 12 views

WordPress Social Gallery and Widget plugin <= 2.2.5 - Unauthorized Plugin Setting Change vulnerability

Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Social Gallery and Widget plugin versions <= 2.2.5. Solution: Update the WordPress Social Gallery and Widget plugin to the latest available version (at least 2.3)...

CVSS 5.7 | AI score 3.6 | EPSS 0.00172
Exploits: 2 | References: 3 | Affected Software: 1