49 matches found
WordPress plugin Contact Form vCard Generator 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
Notification Bar for WordPress <= 1.1.8 – Unauthenticated Subscriber Data Disclosure
Description The plugin exposes an unauthenticated CSV export script that discloses all stored subscriber emails. PoC https://example.com/wp-content/plugins/8-degree-notification-bar/inc/backend/blocks/export-csv.php...
CVE-2025-13493 Latest Registered Users <= 1.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via User Data Export
The Latest Registered Users plugin for WordPress is vulnerable to unauthorized user data export in all versions up to, and including, 1.4. This is due to missing authorization and nonce validation in the rndhandleformsubmit function hooked to both adminpostmysimpleform and...
WordPress Course Booking System plugin <= 6.1.5 - Missing Authorization to Unauthenticated Booking Data Export vulnerability
Missing Authorization to Unauthenticated Booking Data Export vulnerability discovered by Powpy in WordPress Plugin Course Booking System versions = 6.1.5...
EUVD-2025-203077
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.2. This is due to missing nonce validation on the 'ayssccpresultsexportfile' AJAX action. This makes it possible for unauthenticated...
CVE-2025-13606 Export All Posts, Products, Orders, Refunds & Users <= 2.19 - Cross-Site Request Forgery to Sensitive Information Exposure
The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.19. This is due to missing or incorrect nonce validation on the parseData function. This makes it possible for unauthenticated attackers...
CVE-2025-13414
The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to unauthorized data export due to a missing capability check on the cdashwatchforexport function in all versions up to, and including, 3.3.11. This makes it possible for unauthenticated attackers to export business...
EUVD-2025-199583
The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to unauthorized data export due to a missing capability check on the cdashwatchforexport function in all versions up to, and including, 3.3.11. This makes it possible for unauthenticated attackers to export business...
CVE-2025-13414 Chamber Dashboard Business Directory <= 3.3.11 - Missing Authorization to Unauthenticated Business Information Export
The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to unauthorized data export due to a missing capability check on the cdashwatchforexport function in all versions up to, and including, 3.3.11. This makes it possible for unauthenticated attackers to export business...
CVE-2025-13414 Chamber Dashboard Business Directory <= 3.3.11 - Missing Authorization to Unauthenticated Business Information Export
The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to unauthorized data export due to a missing capability check on the cdashwatchforexport function in all versions up to, and including, 3.3.11. This makes it possible for unauthenticated attackers to export business...
CVE-2025-13414
CVE-2025-13414 affects the Chamber Dashboard Business Directory plugin for WordPress. The vulnerability arises from a missing capability check on the export function (cdash_watch_for_export), enabling unauthenticated attackers to export sensitive business-directory data. All versions up to and in...
EUVD-2025-35354
The NS Maintenance Mode for WP WordPress plugin through 1.3.1 lacks authorization in its subscriber export function allowing unauthenticated attackers to download a list of a site's subscribers containing their name and email address...
CVE-2025-10638 NS Maintenance Mode for WP <= 1.3.1 - Unauthenticated Subscribers Export
The NS Maintenance Mode for WP WordPress plugin through 1.3.1 lacks authorization in its subscriber export function allowing unauthenticated attackers to download a list of a site's subscribers containing their name and email address...
WordPress plugin NS Maintenance Mode for WP 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A security...
EUVD-2021-34180
Malicious code in bioql PyPI...
CVE-2021-4353
The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1. This is due to missing authorization on the export function which makes makes it possible for unauthenticated attackers to export the plugin...
WordPress IP2Location Redirection plugin <= 1.33.3 - Missing Authorization to Unauthenticated Settings Export vulnerability
Missing Authorization to Unauthenticated Settings Export vulnerability discovered by Krzysztof Zając in WordPress Plugin IP2Location Redirection versions = 1.33.3...
WordPress Safe Ai Malware Protection for WP plugin <= 1.0.17 - Missing Authorization to Unauthenticated Database Export vulnerability
Missing Authorization to Unauthenticated Database Export vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin Safe Ai Malware Protection for WP versions = 1.0.17...
WordPress Export Import Menus plugin <= 1.9.1 - Missing Authorization to Unauthenticated Menu Export vulnerability
Missing Authorization to Unauthenticated Menu Export vulnerability discovered by BrokenAC ignore in WordPress Plugin Export Import Menus versions = 1.9.1...
CVE-2024-11334
The My Contador lesr plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportarregistros function in all versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to export user data...