11 matches found
CVE-2025-11497 Advanced Database Cleaner <= 3.1.6 - Cross-Site Request Forgery to Settings Manipulation
The Advanced Database Cleaner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.6. This is due to missing or incorrect nonce validation on the aDBcprepareelementstoclean function. This makes it possible for unauthenticated attackers to alte...
CVE-2024-2782 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Setting Manipulation
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint in all versions up to, and including,...
TinyMCE Custom Styles < 1.1.4 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. PoC 1. Go to "Settings" » "TinyMCE Custom Styles"...
IndiaNIC Testimonial 2.2 - Setting Manipulation CSRF
The Testimonial WordPress plugin was affected by a Setting Manipulation CSRF security vulnerability...
SexyBookmarks - Setting Manipulation CSRF
The sexybookmarks WordPress plugin was affected by a Setting Manipulation CSRF security vulnerability...
qTranslate 2.5.34 - Setting Manipulation CSRF
The qtranslate WordPress plugin was affected by a Setting Manipulation CSRF security vulnerability...
Stream Video Player <= 1.4.0 - Setting Manipulation CSRF
The Stream Video Player WordPress plugin was affected by a Setting Manipulation CSRF security vulnerability...
WP-Print 2.51 - Setting Manipulation CSRF
The WP-Print WordPress plugin was affected by a Setting Manipulation CSRF security vulnerability...
FunCaptcha 0.3.2 - Setting Manipulation CSRF
The funcaptcha WordPress plugin was affected by a security vulnerability...
Top 10 <= 1.9.2 - Setting Manipulation CSRF
The Top 10 – Popular posts plugin for WordPress WordPress plugin was affected by a Setting Manipulation CSRF security vulnerability...
Huawei E5331 MiFi Unauthenticated Access / Setting Manipulation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Unauthenticated access & manipulation of settings product: Huawei E5331 MiFi mobile hotspot vulnerable version: Software version 21.344.11.00.414 fixed version: Software...