3 matches found
CVE-2025-2276
CVE-2025-2276 affects Ultimate Dashboard – Custom WordPress Dashboard plugin. Root cause: missing capability check in handle_module_actions across versions up to 3.8.7, enabling authenticated users with Subscriber+ roles to activate/deactivate plugin modules. Documented impact: unauthorized modif...
CVE-2025-1408
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdeclinejoingrouprequest and pmapprovejoingrouprequest functions in all versions up to, and including, 5.9.4.4. This makes it...
CVE-2024-13737 Motors – Car Dealer, Classifieds & Listing <= 1.4.57 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Listing Template Creation
The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the motorscreatetemplate and motorsdeletetemplate functions in all versions up to, and including, 1.4.57. This makes it possible for...