CVE-2025-12391 Restrictions for BuddyPress <= 1.5.2 - Missing Authorization to Unauthenticated Tracking Status Update

The Restrictions for BuddyPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handleoptinoptout function in all versions up to, and including, 1.5.2. This makes it possible for unauthenticated attackers to opt in and out of tracki...

WordPress Cryptocurrency Payment Gateway for WooCommerce plugin <= 2.0.25 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Cryptocurrency Payment Gateway for WooCommerce versions = 2.0.25...

CVE-2016-6543

CVE-2016-6543 describes an issue in iTrack Easy where a captured MAC/device ID can be registered under multiple user accounts, allowing access to getgps GPS data and enabling unauthenticated parties to track the device. The connected documents confirm the exposure and associated risk but do not p...

iTrack Easy contains multiple vulnerabilities

Overview iTrack Easy contains multiple vulnerabilities including sensitive information exposure and missing authentication. Description CWE-200: Information Exposure - CVE-2016-6542The iTrack device tracking ID number is the device's BLE MAC address. It can be obtained by being in range of the...