1348 matches found
CVE-2026-2351 Task Manager <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Read
The Task Manager plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.0.2 via the callbackgettextfromurl function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on th...
CVE-2026-2351
The CVE-2026-2351 entry concerns the WordPress Task Manager plugin (up to version 3.0.2). The vulnerability is an Arbitrary File Read via the callback_get_text_from_url() function, exploitable by authenticated users with Subscriber-level access and above. The impact is exposure of contents from a...
CVE-2026-4127
The Speedup Optimization plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.5.9. The speedup01ajaxenabled function, which handles the wpajaxspeedup01enabled AJAX action, does not perform any capability check via currentusercan and also lacks nonce...
PT-2026-26858
Name of the Vulnerable Software and Affected Versions e-shot form builder plugin for WordPress versions up to and including 1.0.2 Description The e-shot form builder plugin for WordPress is susceptible to exposure of sensitive information. The eshot form builder get account data function,...
CVE-2026-3567
The CVE covers the RepairBuddy WordPress plugin for Repair Shop CRM & Booking (versions up to 4.1132). The root cause is an authorization weakness combining two AJAX handlers: wc_rb_get_fresh_nonce() lets any user generate a valid WordPress nonce for arbitrary actions without capability checks, a...
WordPress Post SMTP plugin <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Office 365 OAuth Configuration Overwrite vulnerability
Missing Authorization to Authenticated Subscriber+ Office 365 OAuth Configuration Overwrite vulnerability discovered by Michael Iden Mickhat - Hack The Box in WordPress Plugin Post SMTP versions = 3.8.0...
CVE-2026-2559 Post SMTP <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Office 365 OAuth Configuration Overwrite
The Post SMTP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handleoffice365oauthredirect function in all versions up to, and including, 3.8.0. This is due to the function being hooked to admininit without any currentusercan check ...
CVE-2026-3492 Gravity Forms <= 2.9.28.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Form Title
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.28.1. This is due to a compound failure involving missing authorization on the createfromtemplate AJAX endpoint allowing any authenticated user to create forms, insufficie...
PT-2026-24579
The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API entry submission endpoint in all versions up to, and including, 1.6.27. This is due to inconsistent input sanitization between the frontend AJAX handler and the REST API endpoint. When entries are...
CVE-2026-3056
The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seraphaccelapi AJAX action with fn=LogClear in all versions up to, and including, 2.28.14. This makes it possible for authenticated attackers, with...
CVE-2026-3056 Seraphinite Accelerator <= 2.28.14 - Missing Authorization to Authenticated (Subscriber+) Log Clearing
The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seraphaccelapi AJAX action with fn=LogClear in all versions up to, and including, 2.28.14. This makes it possible for authenticated attackers, with...
CVE-2025-13603
The CVE concerns WP Audio Gallery for WordPress (
CVE-2025-13603 WP AUDIO GALLERY <= 2.0 - Authenticated (Subscriber+) Arbitrary File Read via .htaccess Manipulation
The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2.0. This is due to insufficient capability checks and lack of nonce verification on the "wpaghtaccesscallback" function This makes it possible for authenticated...
CVE-2025-12081
The CVE-2025-12081 entry concerns the WordPress plugin ACF Photo Gallery Field (navz-photo-gallery) with versions up to 3.0. The root cause is a missing capability check in the acf_photo_gallery_edit_save function, allowing authenticated attackers with subscriber+ privileges to modify attachment ...
CVE-2026-1639 Taskbuilder <= 5.0.2 - Authenticated (Subscriber+) SQL Injection via 'order' and 'sort_by' Parameters
The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' and 'sortby' parameters in all versions up to, and including, 5.0.2 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2025-12071
CVE-2025-12071 — WordPress Frontend User Notes plugin vulnerable to Insecure Direct Object Reference. The flaw affects versions up to 2.1.0 and stems from missing validation on a user-controlled key in the funp_ajax_modify_notes endpoint, enabling authenticated attackers with Subscriber-level acc...
CVE-2025-12062 WP Maps <= 4.8.6 - Authenticated (Subscriber+) Limited Local File Inclusion
The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8.6 via the fcloadtemplate function. This makes it possible for authenticated attackers, with Subscriber-leve...
CVE-2026-1303
The MailChimp Campaigns plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.2.4. This is due to missing capability checks on the mailchimpcampaignsmanagerdisconnectapp function that is hooked to the AJAX action of the same name. This makes it possib...
CVE-2026-1303 MailChimp Campaigns <= 3.2.4 - Missing Authorization to Authenticated (Subscriber+) MailChimp App Disconnection
The MailChimp Campaigns plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.2.4. This is due to missing capability checks on the mailchimpcampaignsmanagerdisconnectapp function that is hooked to the AJAX action of the same name. This makes it possib...
CVE-2026-1671 Activity Log for WordPress <= 1.2.8 - Missing Authorization to Sensitive Information Exposure via Log File
The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winteractivitylogaction function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level access...