3 matches found
CVE-2026-14158 Widget Logic Visual <= 1.52 - Authenticated (Subscriber+) Remote Code Execution via 'nwlv[cod-tag]' Parameter
The Widget Logic Visual plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.52 via the widgetlogicvisualcheckvisibility function. This is due to missing capability check and nonce verification on the widget-logic-update-conditional-tags AJAX action...
CVE-2026-11616
The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 2.3.28. This is due to the ajaxayiaction handler only applying striptagsescsql — with no allow-list — to the attacker-controlled $POST'type' and $POST'postid' values...
PT-2023-11833 · E Plugins · Final-User-Wp-Frontend-User-Profiles +9
Name of the Vulnerable Software and Affected Versions: directory-pro WordPress plugin versions prior to 1.9.5 final-user-wp-frontend-user-profiles WordPress plugin versions prior to 1.2.2 photographer-directory WordPress plugin versions prior to 1.0.9 real-estate-pro WordPress plugin versions pri...