28 matches found
CVE-2026-7249
The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the splwupdateblockoptions and lwpcleanweathertransients functions in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with...
CVE-2026-7249
The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the splwupdateblockoptions and lwpcleanweathertransients functions in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with...
CVE-2026-7249
The CVE-2026-7249 entry pertains to the WordPress Location Weather plugin (versions up to 3.0.2). It lacks capability checks in splw_update_block_options() and lwp_clean_weather_transients(), allowing authenticated contributors+ to disable all weather blocks and purge weather cache transients. Th...
WordPress Royal Elementor Kit plugin <= 1.0.116 - Missing Authorization to Arbitrary Transient Update vulnerability
Missing Authorization to Arbitrary Transient Update vulnerability discovered by Sean Murphy in WordPress Theme Royal Elementor Kit versions = 1.0.116...
CVE-2025-10008 Translate WordPress and go Multilingual – Weglot <= 5.1 - Missing Authorization to Unauthenticated Limited Transient Deletion
The Translate WordPress and go Multilingual – Weglot plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cleanoptions' function in all versions up to, and including, 5.1. This makes it possible for unauthenticated attackers to delete limited...
PT-2025-44371
Name of the Vulnerable Software and Affected Versions Translate WordPress and go Multilingual – Weglot plugin for WordPress versions up to and including 5.1 Description The software is susceptible to unauthorized data loss. This is due to a missing capability check within the clean options...
CVE-2025-11244
The Password Protected plugin for WordPress is vulnerable to authorization bypass via IP address spoofing in all versions up to, and including, 2.7.11. This is due to the plugin trusting client-controlled HTTP headers such as X-Forwarded-For, HTTPCLIENTIP, and similar headers to determine user IP...
CVE-2025-11244
The Password Protected plugin for WordPress is vulnerable to authorization bypass via IP address spoofing in all versions up to, and including, 2.7.11. This is due to the plugin trusting client-controlled HTTP headers such as X-Forwarded-For, HTTPCLIENTIP, and similar headers to determine user IP...
CVE-2025-11244
CVE-2025-11244 affects the WordPress Password Protected plugin (versions ≤ 2.7.11). The vulnerability arises because the plugin trusts client-controlled HTTP headers (eg, X-Forwarded-For, HTTP_CLIENT_IP) in pp_get_ip_address() when the Use transients option is enabled, enabling an unauthenticated...
EUVD-2025-35905
The Password Protected plugin for WordPress is vulnerable to authorization bypass via IP address spoofing in all versions up to, and including, 2.7.11. This is due to the plugin trusting client-controlled HTTP headers such as X-Forwarded-For, HTTPCLIENTIP, and similar headers to determine user IP...
CVE-2025-11244 Password Protected <= 2.7.11 - Unauthenticated Authorization Bypass via IP Address Spoofing
The Password Protected plugin for WordPress is vulnerable to authorization bypass via IP address spoofing in all versions up to, and including, 2.7.11. This is due to the plugin trusting client-controlled HTTP headers such as X-Forwarded-For, HTTPCLIENTIP, and similar headers to determine user IP...
PT-2025-43704
Name of the Vulnerable Software and Affected Versions Password Protected plugin for WordPress versions prior to 2.7.12 Description The Password Protected plugin for WordPress is susceptible to authorization bypass through IP address spoofing. This occurs because the plugin relies on...
A Halpha Metric for Identifying Dormant Black Holes in X-Ray Transients
Dormant black holes BHs in X-ray transients can be identified by the presence of broad Ha emission lines from quiescent accretion discs. Unfortunately, short-period cataclysmic variables CVs can also produce broad Ha lines, especially when viewed at high inclinations, and are thus a major source ...
CVE-2024-10045
The Transients Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the processactions function. This makes it possible for unauthenticated attackers to delete transients via a...
PT-2025-1702 · WordPress · Nitropack
Name of the Vulnerable Software and Affected Versions: NitroPack plugin for WordPress versions up to, and including, 1.17.0 Description: The issue arises from a missing capability check in the nitropack rml notification function, allowing authenticated attackers with subscriber access or higher t...
CVE-2024-10045
The Transients Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the processactions function. This makes it possible for unauthenticated attackers to delete transients via a...
CVE-2024-10045
The Transients Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the processactions function. This makes it possible for unauthenticated attackers to delete transients via a...
CVE-2024-10045
CVE-2024-10045 affects the WordPress plugin Transients Manager (versions
CVE-2024-10045 Transients Manager <= 2.0.6 - Cross-Site Request Forgery
The Transients Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the processactions function. This makes it possible for unauthenticated attackers to delete transients via a...
CVE-2024-10045 Transients Manager <= 2.0.6 - Cross-Site Request Forgery
The Transients Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the processactions function. This makes it possible for unauthenticated attackers to delete transients via a...