22 matches found
PT-2025-34740
Name of the Vulnerable Software and Affected Versions: Dokan Pro versions prior to 4.0.6
Description: The Dokan Pro plugin for WordPress is susceptible to privilege escalation via account takeover. The issue stems from insufficient user identity validation during staff password resets, allowing...
WordPress CubeWP Framework Plugin <= 1.1.24 - Privilege Escalation Vulnerability
Privilege Escalation Vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin CubeWP versions <= 1.1.24...
WordPress SEO Metrics plugin <= 1.0.15 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability
Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin SEO Metrics versions <= 1.0.15...
WordPress Service Finder SMS System plugin <= 2.0.0 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Foxyyy in WordPress Plugin Service Finder SMS System versions <= 2.0.0...
WordPress Bookify <= 1.0.9 - Privilege Escalation Vulnerability
Privilege Escalation Vulnerability discovered by Denver Jackson in WordPress Plugin Bookify versions <= 1.0.9...
WordPress Social Streams plugin <= 1.2.1 - Authenticated (Subscriber+) Privilege Escalation vulnerability
Authenticated (Subscriber+) Privilege Escalation vulnerability discovered by Thanh Nam Tran in WordPress Plugin Social Streams versions <= 1.0.1...
WordPress Click & Pledge Connect plugin <= 25.04010101-WP6.8 - Privilege Escalation via SQL Injection vulnerability
Privilege Escalation via SQL Injection vulnerability discovered by astra.r3verii in WordPress Plugin Click & Pledge Connect versions <= 25.04010101-WP6.8...
WordPress WP Email Debug plugin 1.0-1.1.0 - Missing Authorization to Unauthenticated Privilege Escalation via Password Reset vulnerability
Missing Authorization to Unauthenticated Privilege Escalation via Password Reset vulnerability discovered by kr0d in WordPress Plugin WP Email Debug versions 1.0-1.1.0...
WordPress HyperComments plugin <= 1.2.2 - Unauthenticated Arbitrary Options Update vulnerability
Unauthenticated Arbitrary Options Update vulnerability discovered by WordFence in WordPress Plugin HyperComments versions <= 1.2.2...
WordPress MaxiBlocks plugin <= 2.1.0 - Arbitrary Option Update to Privilege Escalation vulnerability
Arbitrary Option Update to Privilege Escalation vulnerability discovered by Aiden Thái An in WordPress Plugin MaxiBlocks versions <= 2.1.0...
WordPress WPCHURCH plugin <= 2.7.0 - Privilege Escalation Vulnerability
Privilege Escalation Vulnerability discovered by Phúc ton luoi in WordPress Plugin WPCHURCH versions <= 2.7.0...
WordPress Frontend Dashboard 1.0-2.2.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin Frontend Dashboard versions 1.0-2.2.7...
WordPress Lead Form Data Collection to CRM plugin <= 3.1 - Arbitrary Option Update to Privilege Escalation vulnerability
Arbitrary Option Update to Privilege Escalation vulnerability discovered by LVT-tholv2k in WordPress Plugin Lead Form Data Collection to CRM versions <= 3.1...
WordPress IMITHEMES Listing plugin <= 3.3 - Unauthenticated Privilege Escalation via Unverified Password Reset vulnerability
Unauthenticated Privilege Escalation via Unverified Password Reset vulnerability discovered by Alyudin Nafiie in WordPress Plugin IMITHEMES Listing versions <= 3.3...
WordPress SureTriggers <= 1.0.82 - Privilege Escalation Vulnerability
Privilege Escalation Vulnerability discovered by Denver Jackson Patchstack Alliance in WordPress Plugin OttoKit versions <= 1.0.82...
WordPress Quentn WP plugin <= 1.2.8 - Privilege Escalation Vulnerability
Privilege Escalation Vulnerability discovered by Le Ngoc Anh in WordPress Plugin Quentn WP versions <= 1.2.8...
WordPress WP User Profiles plugin <= 2.6.2 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by astra.r3verii Patchstack Alliance in WordPress Plugin WP User Profiles versions <= 2.6.2...
CVE-2025-30772 WordPress WPC Smart Upsell Funnel for WooCommerce plugin <= 3.0.4 - Arbitrary Option Update to Privilege Escalation vulnerability
Missing Authorization vulnerability in WPClever WPC Smart Upsell Funnel for WooCommerce wpc-smart-upsell-funnel allows Privilege Escalation. This issue affects WPC Smart Upsell Funnel for WooCommerce: from n/a through <= 3.0.4...
CVE-2024-10589 Leopard <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the importsettings function in all versions up to, and including, 3.1.1. This makes it possible for authenticate...
CVE-2024-6158
The CVE-2024-6158 issue affects two WordPress widgets: Category Posts Widget (plugins) up to version 4.9.17, and Term-and-Category-Based-Posts-Widget up to 4.9.13. Root cause: both fail to validate and escape certain Category Posts widget settings before echoing them in a page/post, enabling stor...