16 matches found

CNNVD
added 2026/05/28 12:0 a.m., 9 views

WordPress plugin Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.3, AI score 5.8, EPSS 0.003
Exploits 0, References 10

CNNVD
added 2026/05/12 12:0 a.m., 8 views

WordPress plugin MonsterInsights – Google Analytics Dashboard for WordPress security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 7.1, AI score 5.8, EPSS 0.00235
Exploits 0, References 1

CNNVD
added 2026/04/17 12:0 a.m., 8 views

WordPress plugin Canto security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.3, AI score 5.8, EPSS 0.00282
Exploits 0, References 1

EUVD
added 2025/12/12 6:31 a.m., 3 views

EUVD-2025-202993

The Premmerce Brands for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveBrandsSettings function in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 4.3, AI score 4.6, EPSS 0.00238
Exploits 0, References 3

Vulnrichment
added 2025/11/21 5:32 a.m., 3 views

CVE-2025-12022 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Restore

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ehcrmsettingsrestoretrash' AJAX endpoint in all versions up to, and including, 3.3.1. This makes it possible for authenticated...

CVSS 4.3, AI score 4.7, EPSS 0.00164
Exploits 0, References 2

RedhatCVE
added 2025/11/13 5:7 a.m., 11 views

CVE-2025-12901

The Asgaros Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing nonce validation on the setsubscriptionlevel function. This makes it possible for unauthenticated attackers to modify the subscription settings of...

CVSS 4.3, AI score 5.2, EPSS 0.00133
Exploits 0, References 1

OSV
added 2025/11/12 5:15 a.m., 3 views

CVE-2025-12901

The Asgaros Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing nonce validation on the setsubscriptionlevel function. This makes it possible for unauthenticated attackers to modify the subscription settings of...

CVSS 4.3, AI score 5.1
Exploits 0, References 5

NVD
added 2025/11/12 5:15 a.m., 4 views

CVE-2025-12901

The Asgaros Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing nonce validation on the setsubscriptionlevel function. This makes it possible for unauthenticated attackers to modify the subscription settings of...

CVSS 4.3, EPSS 0.00133
Exploits 0, References 5

CVE
added 2025/11/12 4:29 a.m., 9 views

CVE-2025-12901

The CVE-2025-12901 entry concerns the WordPress plugin Asgaros Forum. Reports across multiple sources confirm a Cross-Site Request Forgery (CSRF) vulnerability in all versions up to 3.2.1 caused by missing nonce validation in the set_subscription_level() function, enabling unauthenticated attacke...

CVSS 4.3, AI score 4.8, EPSS 0.00133
Exploits 0, References 5

Vulnrichment
added 2025/11/12 4:29 a.m., 4 views

CVE-2025-12901 Asgaros Forum <= 3.2.1 - Cross-Site Request Forgery to Subscription Settings Update

The Asgaros Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing nonce validation on the setsubscriptionlevel function. This makes it possible for unauthenticated attackers to modify the subscription settings of...

CVSS 4.3, AI score 5, EPSS 0.00133
Exploits 0, References 5

Positive Technologies
added 2025/11/12 12:0 a.m., 4 views

PT-2025-46566

Name of the Vulnerable Software and Affected Versions: Asgaros Forum plugin for WordPress versions prior to 3.2.2. Description: The software is susceptible to Cross-Site Request Forgery (CSRF). This is caused by a lack of nonce validation within the set subscription level function. An unauthenticated...

CVSS 4.3, AI score 6.5, EPSS 0.00133
Exploits 0, References 7

RedhatCVE
added 2025/10/16 8:33 a.m., 2 views

CVE-2025-11196

The External Login plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.11.2 due to the 'exlogtestconnection' AJAX action lacking capability checks or nonce validation. This makes it possible for authenticated attackers, with subscriber-leve...

CVSS 4.3, AI score 5.6, EPSS 0.00245
Exploits 0, References 1

CVE
added 2024/10/23 6:45 a.m., 49 views

CVE-2024-9583

CVE-2024-9583 affects the WordPress plugin “RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging” up to version 4.23.12. The issue is a missing capability check in the wprss_ajax_send_premium_support function, enabling authenticated users with Subscriber-level access and above ...

CVSS 5.4, AI score 4.8, EPSS 0.004
Exploits 0, References 3, Affected Software 1

Vulnrichment
added 2024/02/05 9:21 p.m., 8 views

CVE-2024-0797 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store <= 1.0.6.1 - Missing Authorization

The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 1.0.6.1. This makes it possible fo...

CVSS 4.3, AI score 6.7, EPSS 0.00424
Exploits 0, References 2

Hacker One
added 2018/05/01 7:54 p.m., 45 views

GitLab: Persistent XSS - Selecting users as allowed merge request approvers

Summary: When using the dropdown that selects the users that are allowed to approve a merge request, it is possible to trigger an XSS with a malicious user name string. Description: This vulnerability is similar to the recently announced CVE-2018-10379 and another vulnerability I recently reported...

CVSS 4.3, AI score 0.3, EPSS 0.00888
Exploits 0

Hacker One
added 2018/05/01 4:49 p.m., 34 views

GitLab: XSS (Persistent) - Selecting role(s) for protected branches

Summary: When using the dropdown that selects the groups or users that are allowed to push or merge to a protected branch within a project, it is possible to trigger an XSS with a malicious user name string. Description: This vulnerability is similar to the recently announced CVE-2018-10379. The...

CVSS 4.3, AI score 6.1, EPSS 0.00888
Exploits 0