46 matches found
WordPress plugin KiviCare 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-14977
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.2.4 via the /wp-json/dokan/v1/settings REST API endpoint due to missing validation on a...
CVE-2025-14072
The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid access tokens via the REST API which can then be used to read form submissions...
EUVD-2025-203498
The Dokan Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /dokan/v1/wholesale/register REST API endpoint in all versions up to, and including, 4.1.3. This makes it possible for unauthenticated attackers to enumerate users and retrieve...
CVE-2025-11368 LearnPress – WordPress LMS Plugin <= 4.2.9.4 - Missing Authorization to Unauthenticated Arbitrary Callback Execution to Information Exposure
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 4.2.9.4. This is due to missing capability checks in the REST endpoint /wp-json/lp/v1/loadcontentviaajax which allows arbitrary callback execution of...
CVE-2025-12777
The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.10.0. This is due to the plugin not properly verifying that a user is authorized to perform actions on the REST API /wp-json/yith/wishlist/v1/lists endpoint which uses...
PT-2025-46246
Name of the Vulnerable Software and Affected Versions Auto Amazon Links – Amazon Associates Affiliate Plugin versions prior to 5.4.4 Description The Auto Amazon Links – Amazon Associates Affiliate Plugin for WordPress is susceptible to unauthorized access to arbitrary files. This is possible...
CVE-2025-12399
Summary: CVE-2025-12399 affects the WordPress plugin “Alex Reservations: Smart Restaurant Booking” up to version 2.2.3. The vulnerability stems from missing file type validation in the REST endpoint /wp-json/srr/v1/app/upload/file, enabling authenticated attackers with Administrator-level access ...
CVE-2025-9209
The RestroPress – Online Food Ordering System plugin for WordPress is vulnerable to Authentication Bypass in versions 3.0.0 to 3.1.9.2. This is due to the plugin exposing user private tokens and API data via the /wp-json/wp/v2/users REST API endpoint. This makes it possible for unauthenticated...
CVE-2025-5305 Password Reset with Code < 0.0.17 - Insecure Password Reset Code Creation
The Password Reset with Code for WordPress REST API WordPress plugin before 0.0.17 does not use cryptographically sound algorithms to generate OTP codes, potentially leading to account takeovers...
Linux Distros Unpatched Vulnerability : CVE-2019-20043
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a...
CVE-2025-52716
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Acato WP REST Cache wp-rest-cache allows PHP Local File Inclusion.This issue affects WP REST Cache: from n/a through = 2025.1.0...
CVE-2025-52716
CVE-2025-52716 concerns the WordPress plugin WP REST Cache prior to or up to version 2025.1.0. The vulnerability is an improper control of filenames for include/require statements, enabling local file inclusion (LFI) via the PHP runtime. Affected products are WP REST Cache (WordPress plugin); no ...
CVE-2025-52716 WordPress WP REST Cache <= 2025.1.0 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Acato WP REST Cache allows PHP Local File Inclusion. This issue affects WP REST Cache: from n/a through 2025.1.0...
WordPress REST API | Custom API Generator For Cross Platform And Import Export In WP plugin <= 2.0.3 - Missing Authorization to Unauthenticated Privilege Escalation via process_handler Function vulnerability
Missing Authorization to Unauthenticated Privilege Escalation via processhandler Function vulnerability discovered by kr0d in WordPress Plugin REST API | Custom API Generator For Cross Platform And Import Export In WP versions = 2.0.3...
CVE-2023-35039
Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse.This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15...
CVE-2025-39545 WordPress WordPress REST API Authentication <= 3.6.3 - Settings Change Vulnerability
Missing Authorization vulnerability in miniOrange WordPress REST API Authentication allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress REST API Authentication: from n/a through 3.6.3...
CVE-2024-11972
The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin...
CVE-2024-49328
Authentication Bypass Using an Alternate Path or Channel vulnerability in Vivek Tamrakar WP REST API FNS allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through 1.0.0...
CVE-2023-35039
Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse.This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15...