WordPress Woocommerce Envato Affiliates plugin <= 1.2.1 - Settings Change vulnerability

Settings Change vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Woocommerce Envato Affiliates versions = 1.2.1...

WordPress Advanced WC Analytics plugin <= 3.19.0 - Settings Change vulnerability

Settings Change vulnerability discovered by Legion Hunter in WordPress Plugin Advanced WC Analytics versions = 3.19.0...

CVE-2025-68976 WordPress Eagle Booking plugin <= 1.3.4.3 - Settings Change vulnerability

Missing Authorization vulnerability in Eagle-Themes Eagle Booking eagle-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eagle Booking: from n/a through = 1.3.4.3...

CVE-2025-47634

CVE-2025-47634 refers to a Missing Authorization vulnerability in the WordPress WC Pickup Store plugin, affecting versions up to 1.8.9. The issue arises from insufficient access-control checks, enabling exploitation of incorrectly configured authorization levels. Public sources in connected docum...

CVE-2025-49439 WordPress Atelier Create CV plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery CSRF vulnerability in mariusz88atelierweb Atelier Create CV atelier-create-cv allows Cross Site Request Forgery.This issue affects Atelier Create CV: from n/a through = 1.1.5...

CVE-2025-49445 WordPress Interactive UK Regional Map plugin <= 2.0 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery CSRF vulnerability in WP Map Plugins Interactive UK Regional Map allows Cross Site Request Forgery. This issue affects Interactive UK Regional Map: from n/a through 2.0...

CVE-2025-27359 WordPress WP Media File Type Manager plugin <= 2.3.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Seerox WP Media File Type Manager wp-media-file-type-manager allows Cross Site Request Forgery.This issue affects WP Media File Type Manager: from n/a through = 2.3.1...

CVE-2025-48328 WordPress Real Time Validation for Gravity Forms plugin <= 1.7.0 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery CSRF vulnerability in Daman Jeet Real Time Validation for Gravity Forms real-time-validation-for-gravity-forms allows Cross Site Request Forgery.This issue affects Real Time Validation for Gravity Forms: from n/a through = 1.7.0...

CVE-2025-48328 WordPress Real Time Validation for Gravity Forms plugin <= 1.7.0 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery CSRF vulnerability in Daman Jeet Real Time Validation for Gravity Forms real-time-validation-for-gravity-forms allows Cross Site Request Forgery.This issue affects Real Time Validation for Gravity Forms: from n/a through = 1.7.0...

CVE-2025-48265

CVE-2025-48265 relates to a CSRF vulnerability in the WordPress plugin Year Make Model Search for WooCommerce (YMM Search for WooCommerce). Affected versions are listed as n/a through 1.0.11. The issue enables Cross-Site Request Forgery for actions affecting the plugin’s settings. Public assets i...

CVE-2025-48265 WordPress Year Make Model Search for WooCommerce plugin <= 1.0.11 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery CSRF vulnerability in Pektsekye Year Make Model Search for WooCommerce ymm-search allows Cross Site Request Forgery.This issue affects Year Make Model Search for WooCommerce: from n/a through = 1.0.11...

CVE-2025-47551 WordPress Wiki Embed plugin <= 1.4.6 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery CSRF vulnerability in ctltwp Wiki Embed allows Cross Site Request Forgery. This issue affects Wiki Embed: from n/a through 1.4.6...

CVE-2025-47451 WordPress Product Quantity Dropdown For Woocommerce plugin <= 1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery CSRF vulnerability in silverplugins217 Product Quantity Dropdown For Woocommerce allows Cross Site Request Forgery. This issue affects Product Quantity Dropdown For Woocommerce: from n/a through 1.2...

CVE-2025-47450 WordPress Simple File List plugin <= 6.1.13 - Settings Change Vulnerability

Missing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple File List: from n/a through = 6.1.13...

CVE-2025-23906 WordPress WordPress Dashboard Tweeter plugin <= 1.3.2 - Settings Change vulnerability

Missing Authorization vulnerability in wpseek WordPress Dashboard Tweeter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Dashboard Tweeter: from n/a through 1.3.2...

CVE-2025-23906

CVE-2025-23906 affects the wpseek WordPress Dashboard Tweeter plugin (versions 1.3.2 and earlier). The root cause is a Missing Authorization vulnerability due to incorrectly configured access control, allowing insufficient authorization checks. Impact is limited to information loss or modificatio...

CVE-2025-24583 WordPress 12 Step Meeting List plugin <= 3.16.5 - Settings Change vulnerability

Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 12 Step Meeting List: from n/a through = 3.16.5...

CVE-2025-39425 WordPress Style Manager plugin <= 2.2.7 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery CSRF vulnerability in pixelgrade Style Manager style-manager allows Cross Site Request Forgery.This issue affects Style Manager: from n/a through = 2.2.7...

CVE-2025-39517

CVE-2025-39517 refers to a CSRF vulnerability in the WordPress plugin Basic Interactive World Map (affected versions

CVE-2025-39545 WordPress WordPress REST API Authentication <= 3.6.3 - Settings Change Vulnerability

Missing Authorization vulnerability in miniOrange WordPress REST API Authentication allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress REST API Authentication: from n/a through 3.6.3...