5 matches found
CVE-2026-6441
The Canto plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 3.1.1. This is due to the absence of any capability check or nonce verification in the updateOptions function, which is exposed via two AJAX hooks: wp_ajax_updateOptions (class-canto.php line 231) an...
CVE-2026-6441 Canto <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Setting Modification
The Canto plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 3.1.1. This is due to the absence of any capability check or nonce verification in the updateOptions function, which is exposed via two AJAX hooks: wp_ajax_updateOptions (class-canto.php line 231) an...
CVE-2025-53266 WordPress Cron Logger plugin <= 1.3.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in EdwardBock Cron Logger cron-logger allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cron Logger: from n/a through <= 1.3.0...
WordPress Cron Jobs Plugin <= 1.2.9 is vulnerable to Cross Site Scripting (XSS)
Software: Cron Jobs; Type: Plugin; Vulnerable versions: <= 1.2.9; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8731; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: d8773fd0a372; Credits: vgo0; Required privilege...
WordPress Security Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress 6.1.1 and earlier versions, which stems from the fact that its...