57 matches found
Simple User Registration <= 6.3 - Unauthenticated Privilege Escalation
The Simple User Registration plugin ≤ 6.3 is vulnerable to privilege escalation. It lacks proper restrictions on user meta values during registration. Unauthenticated attackers can exploit this to register as administrators. id: CVE-2025-4334 info: name: Simple User Registration = 6.3 -...
CVE-2026-14482
The CVE-2026-14482 entry covers the WordPress plugin “多说社会化评论框” (
CVE-2026-11387 SMS Alert <= 3.9.5 - Unauthenticated Privilege Escalation via Arbitrary Password Reset
The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.9.5. This is due to the plugin not properly validating a user's identity prior to updati...
CVE-2026-56033
Unauthenticated Privilege Escalation in Dokan Pro = 5.0.4 versions...
CVE-2026-56028
CVE-2026-56028 describes an unauthenticated privilege-escalation vulnerability in the WordPress plugin Easy Elements for Elementor – Addons & Website Templates (versions
PT-2026-52744
Name of the Vulnerable Software and Affected Versions Easy Elements for Elementor – Addons & Website Templates versions prior to 1.5.0 Description An unauthenticated privilege escalation issue exists, allowing an attacker to gain higher-level permissions without providing valid credentials...
CVE-2026-49063 WordPress Listdom plugin <= 5.5.0 - Privilege Escalation vulnerability
Unauthenticated Privilege Escalation in Listdom = 5.5.0 versions...
CVE-2026-53408
The CVE-2026-53408 vulnerability affects Zoom Workplace: Android before 7.0.4 and iOS before 7.0.3. It is due to Improper Authorization in the Handler for a Custom URL Scheme, enabling an unauthenticated privilege escalation via network access. The CVSSv3.1 base score is 8.1 (High) with Network a...
EUVD-2026-36522
Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access...
Exploit for CVE-2026-8732
CVE-2026-8732 — WP Maps Pro ≤ 6.1.0 ♡ Unauthenticated Privil...
WordPress Frontend Admin by DynamiApps plugin <= 3.29.2 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by daroo in WordPress Plugin Frontend Admin by DynamiApps versions = 3.29.2...
Astra Linux – Vulnerability in edk2
Improper configuration in the system firmware for EDK II may allow unauthenticated users to potentially enable privilege escalation, information disclosure, and/or denial of service through local access...
PYSEC-2026-119
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to query the API as any existing user, including the default admi...
Nginx UI 访问控制错误漏洞
Nginx UI is a web interface for Nginx developed by Jacky. Version 2.3.5 of Nginx UI contains an access control vulnerability, which stems from unauthenticated privilege escalation during the initial installation process via the POST /api/install endpoint...
Exploit for CVE-2025-2563
CVE-2025-2563 — User Registration & Membership | Full-Chain Ad...
Exploit for CVE-2026-0920
CVE-2026-0920- LA-Studio Element Kit for Elementor = 1.5.6...
CVE-2026-4880 Barcode Scanner (+Mobile App) <= 1.11.0 - Unauthenticated Privilege Escalation via Insecure Token Authentication
The Barcode Scanner +Mobile App – Inventory manager, Order fulfillment system, POS Point of Sale plugin for WordPress is vulnerable to privilege escalation via insecure token-based authentication in all versions up to, and including, 1.11.0. This is due to the plugin trusting a user-supplied...
CVE-2026-5130
The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege Escalation in versions up to and including 1.3.2. This was due to the plugin accepting the wpdebugtroubleshootsimulateuser cookie value directly as a user ID without any cryptographic validation or...
CVE-2026-5130
The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege Escalation in versions up to and including 1.3.2. This was due to the plugin accepting the wpdebugtroubleshootsimulateuser cookie value directly as a user ID without any cryptographic validation or...
CVE-2026-5130
The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege Escalation in versions up to and including 1.3.2. This was due to the plugin accepting the wpdebugtroubleshootsimulateuser cookie value directly as a user ID without any cryptographic validation or...