4 matches found
CVE-2026-8616
The CVE-2026-8616 entry concerns the Fense Proxy & VPN Blocker WordPress plugin. Affected versions are up to 3.0.1, where the fense_bpvt_save_settings() AJAX handler lacks a capability check and nonce validation. The callback is registered for both wp_ajax_* and wp_ajax_nopriv_* and unconditional...
EUVD-2026-45126
The Fense Proxy & VPN Blocker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce validation on the fensebpvtsavesettings function in versions up to, and including, 3.0.1. The callback is registered to both wpajax and...
CVE-2025-5811 Listly: Listicles For WordPress <= 2.7 - Unauthenticated Arbitrary Transient Deletion
The Listly: Listicles For WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Init function in all versions up to, and including, 2.7. This makes it possible for unauthenticated attackers to delete arbitrary transient values o...
CVE-2025-5811 Listly: Listicles For WordPress <= 2.7 - Unauthenticated Arbitrary Transient Deletion
The Listly: Listicles For WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Init function in all versions up to, and including, 2.7. This makes it possible for unauthenticated attackers to delete arbitrary transient values o...