CVE-2026-7652 LatePoint <= 5.5.0 - Unauthenticated Account Takeover via Weak Password Recovery Mechanism

The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0 This is due to the saveconnectedwordpressuser function propagating a LatePoint customer's email address to it...

CVE-2023-4915

The WP User Control plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.5.3. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function in the WP User Control Widget. The functi...

WordPress PPWP plugin < 1.9.11 - Subscriber+ Access Bypass via REST API vulnerability

Subscriber+ Access Bypass via REST API vulnerability discovered by Pierre Rudloff in WordPress Plugin PPWP versions 1.9.11...

CVE-2025-31019 WordPress Password Policy Manager plugin <= 2.0.4 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Password Policy Manager password-policy-manager allows Authentication Abuse.This issue affects Password Policy Manager: from n/a through = 2.0.4...

Exploit for SQL Injection in Wpfastestcache Wp_Fastest_Cache

PoC for CVE-2023-6063: WP Fastest Cache 1.2.2 Unauthenticated...

WordPress PPWP – WordPress Password Protect Page Plugin <= 1.8.9 is vulnerable to Bypass Vulnerability

Software PPWP – WordPress Password Protect Page Type Plugin Vulnerable versions = 1.8.9 Fixed in 1.9.0 OWASP Top 10 A5: Broken Access Control Classification Bypass Vulnerability CVE CVE-2024-0620 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 33bb0c05c31f Credits Francesc...

WordPress Password Protected Plugin <= 2.6.2 is vulnerable to Cross Site Scripting (XSS)

Software Password Protected Type Plugin Vulnerable versions = 2.6.2 Fixed in 2.6.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32580 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a80c60dc1bba Credits Mika Required...

CVE-2023-1888

The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4. This is due to a lack of validation checks within login.php. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset th...

WordPress Plugin User Role Editor &lt; 4.25 - Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress User Role Editor Plugin Privilege Escalation', 'Description' = %q The WordPress User Role Editor plugin prior to v4.25, is lacking an...