6 matches found

Positive Technologies
added 2025/09/09 12:0 a.m. · 5 views

PT-2025-36579

Name of the Vulnerable Software and Affected Versions: AutomatorWP – Automator plugin for WordPress versions through 5.3.7 Description: The AutomatorWP – Automator plugin for WordPress is susceptible to unauthorized access and modification of data. This is due to a missing capability check on...

CVSS 5.4 · AI score 5.8 · EPSS 0.0018
Exploits: 0 · References: 6
RedhatCVE
added 2025/08/16 9:26 a.m. · 8 views

CVE-2025-5998

The PPWP – Password Protect Pages WordPress plugin before version 1.9.11 allows site content to be put behind password authorization; however, users with subscriber or greater roles can view content via the REST API...

CVSS 6.5 · AI score 7.1 · EPSS 0.0029
Exploits: 1 · References: 1
Positive Technologies
added 2025/01/30 12:0 a.m. · 3 views

PT-2025-1768 · Unknown · Goodlayers-Core

Name of the Vulnerable Software and Affected Versions: goodlayers-core versions prior to 2.1.3 Description: The issue allows users with a subscriber role or above to upload SVG files that contain malicious payloads. This can be exploited by uploading SVGs with harmful content. Recommendations:...

CVSS 6.5 · AI score 7.3 · EPSS 0.00252
Exploits: 1 · References: 5
OSV
added 2023/06/07 2:15 a.m. · 3 views

CVE-2020-36702

The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 1.14.7. This is due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber+ roles to update the...

CVSS 4.3 · AI score 5.8 · EPSS 0.0042
Exploits: 1 · References: 2
NVD
added 2023/06/07 2:15 a.m. · 17 views

CVE-2020-36702

The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 1.14.7. This is due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber+ roles to update the...

CVSS 5.5 · AI score 5.2 · EPSS 0.0042
Exploits: 1 · References: 2
Cvelist
added 2021/11/01 8:46 a.m. · 20 views

CVE-2021-24717 AutomatorWP < 1.7.6 - Missing Authorization and Privilege Escalation

The AutomatorWP WordPress plugin before 1.7.6 does not perform capability checks which allows users with Subscriber roles to enumerate automations, disclose title of private posts or user emails, call functions, or perform privilege escalation via Ajax actions...

AI score 9 · EPSS 0.01294
Exploits: 2 · References: 1