20 matches found
CVE-2026-9050 Slider Revolution 6.0.0-6.7.55 and 7.0.0-7.0.14 - Missing Authorization to Authenticated (Contributor+) Arbitrary Plugin Deactivation
The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
EUVD-2024-50186
Malicious code in bioql PyPI...
CVE-2025-8102 Easy Digital Downloads <= 3.5.0 - Cross-Site Request Forgery to Plugin Deactivation via edd_sendwp_disconnect and edd_sendwp_remote_install Functions
The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing nonce validations in the edd_sendwp_disconnect and edd_sendwp_remote_install functions. This makes it possible for unauthenticated attackers t...
CVE-2024-9891
The Multiline files upload for contact form 7 plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the mfcf7zlcustomhandledeactivationpluginformsubmission function in all versions up to, and including, 2.8.1. This makes it possible for...
CVE-2024-10437 WPC Smart Messages for WooCommerce <= 4.2.1 - Missing Authorization to Authenticated (Subscriber+) Message Activation/Deactivation
The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to unauthorized Smart Message activation/deactivation due to a missing capability check on the ajaxenable function in all versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with...
CVE-2024-9891
The Multiline files upload for contact form 7 plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the mfcf7zlcustomhandledeactivationpluginformsubmission function in all versions up to, and including, 2.8.1. This makes it possible for...
CVE-2024-9891 Multiline files upload for contact form 7 <= 2.8.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Deactivation
The Multiline files upload for contact form 7 plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the mfcf7zlcustomhandledeactivationpluginformsubmission function in all versions up to, and including, 2.8.1. This makes it possible for...
WordPress plugin Multiline files upload for contact form security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress plugin Registration Forms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2024-1217
The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the awaitplugindeactivation function in all versions up to, and including, 2.3.41. This makes it possible for...
WordPress Plugin Contact Form builder with drag & drop security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2019-12363
A CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2014-11-05 for MyBB. An attacker can forge a request to an installed mybb2fa plugin to control its state via usercp.php?action=mybb2fa&do=deactivate or usercp.php?action=mybb2fa&do=activate. A deactivate operation lowers the...
CVE-2019-12363
CVE-2019-12363 describes a CSRF vulnerability in the JN-Jones MyBB-2FA plugin for MyBB (up to 2014-11-05). An attacker can forge requests to an installed mybb2fa plugin to change its state via usercp.php?action=mybb2fa&do=deactivate (or ...&do=activate). This deactivates two-factor authentication...
Design/Logic Flaw
Due to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest FUAA50000 wireless alarm system can easily be cloned and used to deactivate the alarm system in an unauthorized way...
CVE-2019-9861
The CVE-2019-9861 entry concerns ABUS Secvest FUAA50000 wireless alarm system: an insecure RFID technology (MIFARE Classic) allows cloning of proximity chip keys (RFID tokens) and unauthorized deactivation of the alarm. Affected component is the RFID-based access mechanism used by ABUS proximity ...
[SYSS-2015-003] Kaspersky Small Office Security - Authentication Bypass
Advisory ID: SYSS-2015-003; Product: Kaspersky Small Office Security KSOS; Vendor: Kaspersky Lab ZAO; Affected Versions: 13.0.4.233; Tested Versions: 13.0.4.233; Vulnerability Type: Authentication Bypass Using an Alternate Path or Channel (CWE-288); Risk...
[SYSS-2015-019] BullGuard Antivirus - Authentication Bypass
Advisory ID: SYSS-2015-019; Product: BullGuard Antivirus; Vendor: BullGuard Ltd.; Affected Versions: 15.0.297; Tested Versions: 15.0.297; Vulnerability Type: Authentication Bypass Using an Alternate Path or Channel (CWE-288); Risk Level: Medium; Solution...
[SYSS-2015-014] Panda Global Protection 2015 - Authentication Bypass
Advisory ID: SYSS-2015-014; Product: Panda Global Protection 2015; Vendor: Panda Security; Affected Versions: 15.1.0; Tested Versions: 15.1.0; Vulnerability Type: Authentication Bypass Using an Alternate Path or Channel (CWE-288); Risk Level: Medium; Solutio...
[SYSS-2015-012] Panda Internet Security 2015 - Authentication Bypass
Advisory ID: SYSS-2015-012; Product: Panda Internet Security 2015; Vendor: Panda Security; Affected Versions: 15.0.1; Tested Versions: 15.0.1; Vulnerability Type: Authentication Bypass Using an Alternate Path or Channel (CWE-288); Risk Level: Medium; Solutio...
[SYSS-2015-015] Panda Gold Protection 2015 - Authentication Bypass
Advisory ID: SYSS-2015-015; Product: Panda Gold Protection 2015; Vendor: Panda Security; Affected Versions: 15.1.0; Tested Versions: 15.1.0; Vulnerability Type: Authentication Bypass Using an Alternate Path or Channel (CWE-288); Risk Level: Medium; Solution...