2 matches found
CVE-2026-3155
The CVE refers to the OneSignal – Web Push Notifications plugin for WordPress, vulnerable to an authorization bypass through versions up to 3.8.0 caused by improper verification of user authorization. This enables authenticated attackers with subscriber-level access and above to delete OneSignal ...
CVE-2025-5998 PPWP < 1.9.11 - Subscriber+ Access Bypass via REST API
The PPWP – Password Protect Pages WordPress plugin before version 1.9.11 allows to put the site content behind a password authorization, however users with subscriber or greater roles can view content via the REST API...