64 matches found
WordPress WP Subscribe plugin <= 1.2.16 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WP Subscribe versions <= 1.2.16...
CVE-2026-24522
Missing Authorization vulnerability in MyThemeShop WP Subscribe wp-subscribe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Subscribe: from n/a through <= 1.2.16...
CVE-2026-24522 WordPress WP Subscribe plugin <= 1.2.16 - Broken Access Control vulnerability
Missing Authorization vulnerability in MyThemeShop WP Subscribe wp-subscribe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Subscribe: from n/a through <= 1.2.16...
CVE-2026-24522
Missing Authorization vulnerability in MyThemeShop WP Subscribe wp-subscribe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Subscribe: from n/a through <= 1.2.16...
CVE-2026-24522
CVE-2026-24522 describes a Missing Authorization (broken access control) vulnerability in MyThemeShop WP Subscribe (wp-subscribe), affecting WP Subscribe versions up to 1.2.16. The CVSS 3.1 base score is 4.3 (Medium) with network attack, low exploit complexity, and low confidentiality impact. The...
PT-2026-4372
Name of the Vulnerable Software and Affected Versions: MyThemeShop WP Subscribe versions through 1.2.16. Description: An authorization issue exists in MyThemeShop WP Subscribe wp-subscribe, allowing exploitation due to incorrectly configured access control security levels. Recommendations: Update WP...
WordPress plugin WP Subscribe has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
EUVD-2025-205210
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Astra Widgets astra-widgets allows Stored XSS. This issue affects Astra Widgets: from n/a through <= 1.2.16...
CVE-2025-68497
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Astra Widgets astra-widgets allows Stored XSS. This issue affects Astra Widgets: from n/a through <= 1.2.16...
CVE-2025-68497 WordPress Astra Widgets plugin <= 1.2.16 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Astra Widgets astra-widgets allows Stored XSS. This issue affects Astra Widgets: from n/a through <= 1.2.16...
CVE-2025-68497 WordPress Astra Widgets plugin <= 1.2.16 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Astra Widgets astra-widgets allows Stored XSS. This issue affects Astra Widgets: from n/a through <= 1.2.16...
WordPress plugin Astra Widgets security vulnerability
WordPress Astra Widgets plugin is a widgets extension plugin developed by the Astra Themes team to enhance the functionality of Astra themes. WordPress Astra Widgets plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping...
CVE-2025-13764
The WP CarDealer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.16. This is due to the 'WP_CarDealer_User::process_register' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers t...
CVE-2025-13764 WP CarDealer <= 1.2.16 - Unauthenticated Privilege Escalation
The WP CarDealer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.16. This is due to the 'WP_CarDealer_User::process_register' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers t...
CVE-2025-13764
The CVE-2025-13764 entry affects the WordPress WP CarDealer plugin. The vulnerability exists in all versions up to and including 1.2.16 due to the WP_CarDealer_User::process_register function not restricting which user roles can be assigned during registration. As a result, unauthenticated attack...
CVE-2025-13764 WP CarDealer <= 1.2.16 - Unauthenticated Privilege Escalation
The WP CarDealer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.16. This is due to the 'WP_CarDealer_User::process_register' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers t...
PT-2025-50569
The WP CarDealer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.16. This is due to the 'WP_CarDealer_User::process_register' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attacker...
CVE-2025-12920
A flaw has been found in qianfox FoxCMS up to 1.2.16. Affected by this vulnerability is the function add/edit of the file app/admin/controller/Product.php. This manipulation of the argument Title causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been...
CVE-2025-12920
FoxCMS up to 1.2.16 contains a cross-site scripting vulnerability in the add/edit path (app/admin/controller/Product.php, Title parameter). The issue can be triggered remotely and an exploit has been published; vendor did not respond. Affected versions should be updated to mitigate; as a workarou...
CVE-2025-12920 qianfox FoxCMS Product.php edit cross site scripting
A flaw has been found in qianfox FoxCMS up to 1.2.16. Affected by this vulnerability is the function add/edit of the file app/admin/controller/Product.php. This manipulation of the argument Title causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been...