CVE-2025-12350

The DominoKit plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpajaxnoprivdominokitoptionadminaction AJAX endpoint in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to update plugin settings...

CVE-2025-7827

The Ni WooCommerce Customer Product Report plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the niwoocpraction function in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-leve...

PT-2024-16771 · WordPress · 404 Error Monitor

Name of the Vulnerable Software and Affected Versions: 404 Error Monitor plugin for WordPress versions up to, and including, 1.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the updatePluginSettings function. This allows...

CVE-2024-0829

The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.0. This is due to missing or incorrect capability checks on several ajax actions. This makes it possible for authenticated attackers, with subscribe...

CVE-2022-29495

Cross-Site Request Forgery CSRF vulnerability in Sygnoos Popup Builder plugin = 4.1.11 at WordPress allows an attacker to update plugin settings...

CVE-2022-29495

Concisely: The WordPress plugin Sygnoos Popup Builder (WP Plugin: Popup Builder) is affected up to version 4.1.11 by a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to update plugin settings. The root cause is insufficient CSRF protection in settings update handling. Rep...