CVE-2026-24364 WordPress WP User Frontend plugin <= 4.2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through = 4.2.5...

CVE-2026-25036 WordPress Passster plugin <= 4.2.25 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Chill Passster content-protector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Passster: from n/a through = 4.2.25...

EUVD-2026-4901

The Forms Bridge – Infinite integrations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in the 'financoopcampaign' shortcode in all versions up to, and including, 4.2.5. This is due to insufficient input sanitization and output escaping on the...

CVE-2025-49950 WordPress Official Integration for Billingo plugin <= 4.3.0 - Privilege Escalation vulnerability

Missing Authorization vulnerability in billingo Official Integration for Billingo billingo allows Privilege Escalation.This issue affects Official Integration for Billingo: from n/a through = 4.3.0...

WordPress Stratus Theme <= 4.2.5 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme App, SaaS & Software Startup Tech Theme - Stratus versions = 4.2.5...

PT-2022-25292 · Searchwp · Searchwp

Name of the Vulnerable Software and Affected Versions: SearchWP premium plugin versions = 4.2.5 Description: The issue concerns nonce token leakage and missing authorization in the SearchWP premium plugin, allowing unauthorized changes to plugin settings. Recommendations: For SearchWP premium...

CVE-2018-6200

vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter...