CVE-2026-4326 Vertex Addons for Elementor <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation via 'afeb_activate_required_plugins'
The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. This is due to improper authorization enforcement in the activate_required_plugins function. Specifically, the current_user_can('install_plugins') capability check does...
CVE-2026-25398
Missing Authorization vulnerability in Webilia Inc. Vertex Addons for Elementor addons-for-elementor-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Vertex Addons for Elementor: from n/a through <= 1.6.4...
CVE-2025-69193
Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Membership: from n/a through <= 1.6.4...
CVE-2025-69292
CVE-2025-69292 affects WP Membership (wp-membership) for WordPress,
CVE-2025-49390
The CVE-2025-49390 entry applies to the WordPress plugin “Cookie Notice & Consent” (cookie-notice-consent) and affects versions up to and including 1.6.4. Affected component: the plugin’s web page generation input handling, with the underlying issue described as improper neutralization of input t...
EUVD-2024-45593
Malicious code in bioql PyPI...
WordPress Nokri Theme <= 1.6.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Nokri; Type: Theme; Vulnerable versions: <= 1.6.4; Fixed in: N/A; OWASP Top 10: A5: Security Misconfiguration; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2025-58259; Patch priority: Low; CVSS severity: Low 7.1; PSID: 2379088ca94b; Credits: Tran Nguyen Bao Khanh VCI -...
WordPress Simple Contact Forms plugin <= 1.6.4 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin Simple Contact Forms versions <= 1.6.4...
CVE-2023-36511
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions...
CVE-2025-46249
Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple calendar for Elementor allows Cross Site Request Forgery. This issue affects Simple calendar for Elementor: from n/a through 1.6.4...
CVE-2025-46249 WordPress Simple calendar for Elementor plugin <= 1.6.4 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple calendar for Elementor simple-calendar-for-elementor allows Cross Site Request Forgery. This issue affects Simple calendar for Elementor: from n/a through <= 1.6.4...
WordPress Cardealer theme <= 1.6.4 - Cross-Site Request Forgery to User Update via update_user_profile vulnerability
Cross-Site Request Forgery to User Update via update_user_profile vulnerability discovered by István Márton in WordPress Theme Car Dealer versions <= 1.6.4...
WordPress Cardealer theme <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Change and Delete JS and CSS Files vulnerability
Missing Authorization to Authenticated (Subscriber+) Change and Delete JS and CSS Files vulnerability discovered by István Márton in WordPress Theme Car Dealer versions <= 1.6.4...
CVE-2024-13354
The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML tags in several widgets in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. Thi...
CVE-2024-43342
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 1.6.4...
WordPress plugin WP Fundraising Donation and Crowdfunding Platform security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-18440 · WordPress · Arforms Form Builder
Name of the Vulnerable Software and Affected Versions: ARForms Form Builder plugin for WordPress versions up to, and including, 1.6.4. Description: The issue is related to a missing capability check on the arflite remove preview data function, allowing authenticated attackers with subscriber acces...
WordPress Enhanced Text Widget plugin <= 1.6.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Enhanced Text Widget versions <= 1.6.4...