47 matches found
CVE-2026-9018 Easy Elements for Elementor – Addons & Website Templates <= 1.4.5 - Unauthenticated Privilege Escalation via 'custom_meta' Parameter
The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.5 via the easyelhandleregister function. This is due to the wpajaxnopriveelregister AJAX handler iterating the attacker-controlled...
CVE-2025-12158
The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the sucsubmitcapabilities function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to elevate the role of any user account t...
CVE-2025-12157
The Simple User Capabilities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxnoprivresetcapability' AJAX endpoint in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to reset any...
WordPress Simple User Capabilities plugin <= 1.0 - Missing Authorization to Unauthenticated Capability Reset vulnerability
Missing Authorization to Unauthenticated Capability Reset vulnerability discovered by D01EXPLOIT OFFICIAL in WordPress Plugin Simple User Capabilities versions = 1.0...
CVE-2025-12158
CVE-2025-12158 affects WordPress plugin Simple User Capabilities. Wordfence reports a missing authorization check in suc_submit_capabilities() across versions up to 1.0, enabling unauthenticated attackers to elevate any user to administrator. CVSSv3.1 is rated 9.8 (Critical); exploitation is list...
CVE-2025-12158 Simple User Capabilities <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the sucsubmitcapabilities function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to elevate the role of any user account t...
CVE-2025-12157
CVE-2025-12157 concerns the WordPress plugin Simple User Capabilities . The connected documents confirm an unauthenticated modification risk due to a missing permission check on the AJAX endpoint wp_ajax_nopriv_reset_capability , affecting versions up to and including 1.0 . This can allow an unau...
CVE-2025-12157 Simple User Capabilities <= 1.0 - Missing Authorization to Unauthenticated Capability Reset
The Simple User Capabilities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxnoprivresetcapability' AJAX endpoint in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to reset any...
WordPress plugin Simple User Capabilities 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress plugin Simple User Capabilities 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
EUVD-2018-3656
Malware in sbrugna...
EUVD-2024-47515
Malicious code in bioql PyPI...
EUVD-2024-48514
Malicious code in bioql PyPI...
EUVD-2022-5264
Malicious code in bioql PyPI...
EUVD-2025-4857
Malicious code in bioql PyPI...
EUVD-2024-49550
Malicious code in bioql PyPI...
EUVD-2022-46833
Malicious code in bioql PyPI...
EUVD-2022-43170
Malicious code in bioql PyPI...
EUVD-2023-59034
Malicious code in bioql PyPI...
WordPress plugin Event List 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin Event List...