Exploit for CVE-2026-8732

WP Maps Pro Unauthenticated Stored Cross-Site Scripting CVE-2...

WordPress Frontend Admin by DynamiApps plugin <= 3.28.36 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Colin Xu in WordPress Plugin Frontend Admin by DynamiApps versions = 3.28.36...

WordPress InfusedWoo Pro plugin <= 5.1.2 - Unauthenticated Missing Authorization to Privilege Escalation vulnerability

Unauthenticated Missing Authorization to Privilege Escalation vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin InfusedWoo Pro versions = 5.1.2...

Unity Linux 20.1070e Security Update: microcode_ctl (UTSA-2026-017785)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017785 advisory. Hardware allows activation of test or debug logic at runtime for some IntelR processors which may allow an unauthenticated user to potentially enable escalation of...

WordPress Mentoring plugin <= 1.2.8 - Unauthenticated Privilege Escalation in mentoring_process_registration vulnerability

Unauthenticated Privilege Escalation in mentoringprocessregistration vulnerability discovered by シルAsuna in WordPress Plugin Mentoring versions = 1.2.8...

Script-for-profile-press-exploit-in-wordpress

CVE-2021-34621 – ProfilePress WP User Avatar Privilege Escal...

Exploit for CVE-2025-2563

CVE-2025-2563 The User Registration & Membership WordPress...

Exploit for CVE-2026-1492

CVE-2026-1492 User Registration & Membership = 5.1.2 -...

CVE-2026-27542-CVE-2026-27540-

--- 🔴 Vulnerability Overview CVE-2026-27542 — Unauthent...

WordPress Barcode Scanner (+Mobile App) plugin <= 1.11.0 - Unauthenticated Privilege Escalation via Insecure Token Authentication vulnerability

Unauthenticated Privilege Escalation via Insecure Token Authentication vulnerability discovered by 0xd4rk5id3 - EnvoraSec in WordPress Plugin Barcode Scanner with Inventory & Order Manager versions = 1.11.0...

CVE-2026-4880

The CVE concerns the WordPress plugin Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS, affected up to version 1.11.0. The root cause is insecure token-based authentication where the plugin trusts a user-supplied Base64-encoded user ID in the token parameter to ide...

WordPress KiviCare plugin <= 4.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via Setup Wizard vulnerability

Missing Authorization to Unauthenticated Privilege Escalation via Setup Wizard vulnerability discovered by WordFence in WordPress Plugin KiviCare versions = 4.1.2...

WordPress Aimogen Pro plugin <= 2.7.5 - Unauthenticated Privilege Escalation via Arbitrary Function Call vulnerability

Unauthenticated Privilege Escalation via Arbitrary Function Call vulnerability discovered by Hung Nguyen yoriss - VN in WordPress Plugin Aimogen Pro versions = 2.7.5...

WordPress User Registration & Membership plugin <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration vulnerability

Unauthenticated Privilege Escalation via Membership Registration vulnerability discovered by Foxyyy in WordPress Plugin User Registration versions = 5.1.2...

CVE-2026-1492 User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to improper privilege management in all versions up to, and including, 5.1.2. This is due to the plugin accepting a...

WordPress Listee plugin <= 1.1.6 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by シルAsuna in WordPress Theme Listee versions = 1.1.6...

PT-2026-22098

Name of the Vulnerable Software and Affected Versions Woocommerce Wholesale Lead Capture versions through 2.0.3.1 Description An incorrect privilege assignment exists in Woocommerce Wholesale Lead Capture, allowing privilege escalation. Exploitation of this issue does not require authentication a...

CVE-2025-12882 Clasifico Listing <= 2.0 - Unauthenticated Privilege Escalation

The Clasifico Listing plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0. This is due to the plugin allowing users who are registering new accounts to set their own role by supplying the 'listinguserrole' parameter. This makes it possible for...

WordPress Prime Listing Manager plugin <= 1.1 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Prime Listing Manager versions = 1.1...

CVE-2026-0920

CVE-2026-0920 affects the WordPress plugin “LA-Studio Element Kit for Elementor” (≤ 1.5.6.3). The root cause is a missing role restriction in the AJAX registration handler (ajax_register_handle), which lets unauthenticated users supply the lakit_bkrole parameter and create an administrator accoun...