WordPress Faust.js plugin <= 1.8.7 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by ParkHyunWoo in WordPress Plugin Faust.js versions = 1.8.7...

CVE-2025-68005

Missing Authorization vulnerability in themewant Easy Hotel Booking easy-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Hotel Booking: from n/a through = 1.9.2...

CVE-2025-8572 Truelysell Core <= 1.8.7 - Unauthenticated Privilege Escalation via Registration

The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than, or equal to, 1.8.7. This is due to insufficient validation of the userrole parameter during user registration. This makes it possible for unauthenticated attackers to create accounts with elevate...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the GetConfig and RefreshResource API endpoints. An attacker can access sensitive configuration data or trigger excessive reconciliations by sending requests with any non-empty Bearer token in the Authorizati...

CVE-2025-30892

Deserialization of Untrusted Data vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Object Injection.This issue affects WpTravelly: from n/a through = 1.8.7...

PT-2022-9501 · WordPress · Advanced Contact Form 7 Db

Name of the Vulnerable Software and Affected Versions: Advanced Contact form 7 DB WordPress plugin versions prior to 1.8.7 Description: The issue allows any authenticated user to delete arbitrary files on the web server due to the lack of authorization and CSRF checks in the acf7 db edit scr file...