EUVD-2026-23382

The Canto plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 3.1.1. This is due to the absence of any capability check or nonce verification in the updateOptions function, which is exposed via two AJAX hooks: wpajaxupdateOptions class-canto.php line 231 an...

WordPress plugin Facebook Chat 访问控制错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An access control...

CVE-2021-4334

The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpdupdateoptions function in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissio...

PT-2023-10298 · WordPress · Wds Multisite Aggregate Plugin

Name of the Vulnerable Software and Affected Versions: WDS Multisite Aggregate Plugin versions up to 1.0.0 Description: A problematic issue was found in the WDS Multisite Aggregate Plugin, affecting the update options function of the file includes/WDS Multisite Aggregate Options.php. This issue...

PT-2023-16691 · WordPress · Intuitive Custom Post Order

Name of the Vulnerable Software and Affected Versions: Intuitive Custom Post Order plugin for WordPress versions up to, and including, 3.1.3 Description: The issue arises from insufficient escaping on the user-supplied objects and tags parameters and a lack of sufficient preparation in the update...