17 matches found
EUVD-2025-9680
Malicious code in bioql PyPI...
PT-2025-17713 · WordPress · Configurator Theme Core
Name of the Vulnerable Software and Affected Versions: Configurator Theme Core plugin for WordPress versions up to, and including, 1.4.7 Description: The issue is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for...
CVE-2025-3105 Vehica Core <= 1.0.97 - Authenticated (Subscriber+) Privilege Escalation
The Vehica Core plugin for WordPress, used by the Vehica - Car Dealer & Listing WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 1.0.97. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This make...
CVE-2024-6624
The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.9.3. This is due to improper controls on custom user meta fields. This makes it possible for unauthenticated attackers to register as administrators on the site. The plugin require...
CVE-2024-7291
The JetFormBuilder plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.4.1. This is due to improper restriction on user meta fields. This makes it possible for authenticated attackers, with administrator-level and above permissions, to register as...
CVE-2024-7291
The CVE-2024-7291 entry concerns JetFormBuilder for WordPress. It describes an authenticated privilege-escalation flaw in versions up to and including 3.3.4.1 caused by improper restriction on user meta fields, enabling an administrator+ on multi-site installations to register as a super-admin. C...
CVE-2024-6624
The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.9.3. This is due to improper controls on custom user meta fields. This makes it possible for unauthenticated attackers to register as administrators on the site. The plugin require...
BIT-WORDPRESS-MULTISITE-2020-4050 set-screen-option filter misuse by plugins leading to privilege escalation in WordPress
In affected versions of WordPress, misuse of the set-screen-option filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in...
[SECURITY] [DLA 2371-1] wordpress security update
Debian LTS Advisory DLA-2371-1 · https://www.debian.org/lts/security/ · September 11, 2020 · https://wiki.debian.org/LTS ...
Debian DLA-2269-1 : wordpress security update
Several vulnerabilities were discovered in WordPress, a web blogging tool. They allowed remote attackers to perform various Cross-Site Scripting (XSS) attacks, create open redirects, escalate privileges, and bypass authorization access. CVE-2020-4046 In affected versions of WordPress, users with lo...
Privilege Escalation
WordPress is vulnerable to privilege escalation. The vulnerability exists as it allows arbitrary user meta fields to be saved through the set-screen-option filter's return value...
WordPress Multiple Vulnerabilities (Jun 2020) - Windows
WordPress is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescripti...
CVE-2020-4050
In affected versions of WordPress, misuse of the set-screen-option filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in...
CVE-2020-4050
In affected versions of WordPress, misuse of the set-screen-option filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in...
Design/Logic Flaw
In affected versions of WordPress, misuse of the set-screen-option filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in...
CVE-2020-4050
CVE-2020-4050 (WordPress) is a vulnerability where misusing the set-screen-option filter’s return value can enable arbitrary user meta fields to be saved. It requires an admin to install a plugin that misuses the filter, after which low-privilege users may exploit it. The issue was fixed in WordP...
CVE-2020-4050
In affected versions of WordPress, misuse of the set-screen-option filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in...