2 matches found
CVE-2026-12415
The CVE concerns the WordPress plugin Invoice Generator. Vulnerable in versions up to 1.0.0 due to a missing capability check on the pravel_invoice_edit_account() AJAX action. The handler is exposed via wp_ajax_nopriv_pravel_invoice_edit_account and accepts attacker-controlled user_id and user_em...
EUVD-2025-60939
The Ninja Countdown | Fastest Countdown Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ninjacountdownadminajax' AJAX endpoint in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with...