
15 matches found

Vulnrichment
added 2026/02/25 8:25 a.m. · 5 views

CVE-2026-1916 WPGSI: Spreadsheet Integration <= 3.8.3 - Missing Authorization to Unauthenticated Arbitrary Post Creation and Deletion via Forged Base64 Token

The WPGSI: Spreadsheet Integration plugin for WordPress is vulnerable to unauthorized modification and loss of data due to missing capability checks and an insecure authentication mechanism on the wpgsicallBackFuncAccept and wpgsicallBackFuncUpdate REST API functions in all versions up to, and...

CVSS 7.5 · AI score 5.7 · EPSS 0.00357
Exploits: 0 · References: 8

Vulnrichment
added 2025/11/04 4:27 a.m. · 1 view

CVE-2025-12156 Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One 2.0.7 - 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Post Creation

The Ai Auto Tool Content Writing Assistant Gemini Writer, ChatGPT All in One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savepostdata function in versions 2.0.7 to 2.2.6. This makes it possible for authenticated attackers, with...

CVSS 4.3 · AI score 5.2 · EPSS 0.00159
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-17264

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 6.5 · EPSS 0.00422
Exploits: 0 · References: 2

Cvelist
added 2025/05/27 1:48 a.m. · 26 views

CVE-2025-4683 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.17.5 - Missing Authorization to Authenticated (Subscriber+) Posts Creation

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createblog function in all versions up to, and including, 4.17.5. This makes it possible for authenticated attackers, wit...

CVSS 4.3 · EPSS 0.0025
Exploits: 0 · References: 4

RedhatCVE
added 2025/05/23 7:25 a.m. · 6 views

CVE-2024-0900

The Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! plugin for WordPress is vulnerable to unauthorized post creation due to a missing capability check on the elesparecreatepost function hooked via AJAX in all...

CVSS 4.3 · AI score 6.6 · EPSS 0.00371
Exploits: 0 · References: 1

OSV
added 2024/07/02 10:15 a.m. · 4 views

CVE-2024-6012

The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'embed-create-page' and 'embed-insert-pages' functions in all versions up to, and including, 3.2.12. This makes it possible for authenticated attackers, wit...

CVSS 4.3 · AI score 5.9
Exploits: 0 · References: 3

Vulnrichment
added 2024/04/23 8:32 a.m. · 19 views

CVE-2024-0900 Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! <= 2.1.2 - Missing Authorization to Subscriber+ Arbitrary Post Creation

The Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! plugin for WordPress is vulnerable to unauthorized post creation due to a missing capability check on the elesparecreatepost function hooked via AJAX in all...

CVSS 4.3 · AI score 6 · EPSS 0.00371
Exploits: 0 · References: 2

Cvelist
added 2024/04/23 8:32 a.m. · 16 views

CVE-2024-0900 Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! <= 2.1.2 - Missing Authorization to Subscriber+ Arbitrary Post Creation

The Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! plugin for WordPress is vulnerable to unauthorized post creation due to a missing capability check on the elesparecreatepost function hooked via AJAX in all...

CVSS 4.3 · AI score 4.7 · EPSS 0.00371
Exploits: 0 · References: 2

CVE
added 2024/04/23 8:32 a.m. · 68 views

CVE-2024-0900

The CVE-2024-0900 entry concerns the Elespare WordPress plugin. It documents a vulnerability that allows authenticated attackers with subscriber-level access and above to create arbitrary posts due to a missing capability check in the elespare_create_post() function, which is invoked via AJAX. Th...

CVSS 4.3 · AI score 6.5 · EPSS 0.00371
Exploits: 0 · References: 2

Positive Technologies
added 2024/04/23 12:0 a.m. · 4 views

PT-2024-15904 · WordPress · Elespare

Name of the Vulnerable Software and Affected Versions: Elespare plugin for WordPress versions up to, and including, 2.1.2
Description: The issue is related to unauthorized post creation due to a missing capability check on the elespare create post function, which is hooked via AJAX. This allows...

CVSS 4.3 · AI score 6.8 · EPSS 0.00371
Exploits: 0 · References: 5

WPVulnDB
added 2024/04/22 12:0 a.m. · 14 views

Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! < 2.1.3 - Missing Authorization to Subscriber+ Arbitrary Post Creation

Description: The Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! plugin for WordPress is vulnerable to unauthorized post creation due to a missing capability check on the elesparecreatepost function hooked via AJ...

CVSS 4.3 · AI score 6.8 · EPSS 0.00371
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2024/02/28 9:15 a.m. · 10 views

CVE-2024-1516

The WP eCommerce plugin for WordPress is vulnerable to unauthorized arbitrary post creation due to a missing capability check on the checkforsaaspush function in all versions up to, and including, 3.15.1. This makes it possible for unauthenticated attackers to create arbitrary posts with arbitrar...

CVSS 5.3 · AI score 5.2 · EPSS 0.00422
Exploits: 0 · References: 2

CNNVD
added 2024/02/28 12:0 a.m. · 3 views

WordPress Plugin WP eCommerce Security Vulnerabilities

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 5.3 · AI score 6.8 · EPSS 0.00422
Exploits: 0 · References: 3

OpenVAS
added 2018/12/17 12:0 a.m. · 51 views

WordPress Multiple Vulnerabilities (Dec 2018) - Linux

WordPress is prone to multiple vulnerabilities. Copyright (C) 2018 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 9.8 · AI score 6.4 · EPSS 0.30887
Exploits: 1 · References: 2

Cvelist
added 2010/04/23 2:0 p.m. · 19 views

CVE-2009-4801

EZ-Blog Beta 1 does not require authentication, which allows remote attackers to create or delete arbitrary posts via requests to PHP scripts...

AI score 6.9 · EPSS 0.02252
Exploits: 0 · References: 2