264433 matches found
PT-2026-43478
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to denial of service in all versions up to, and including, 1.6.11.5. This is due to a publicly accessible REST API endpoint /wp-json/ssa/v1/async that calls PHP's sleep function on a...
WordPress plugin Active Products Tables for WooCommerce SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress KiviCare plugin <= 4.3.0 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by kai63001 in WordPress Plugin KiviCare versions = 4.3.0...
CVE-2025-14361 WordPress Woocommerce Envato Affiliates plugin <= 1.2.1 - Settings Change vulnerability
Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce Envato Affiliates: from n/a through 1.2.1...
CVE-2025-14361 WordPress Woocommerce Envato Affiliates plugin <= 1.2.1 - Settings Change vulnerability
Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce Envato Affiliates: from n/a through 1.2.1...
CVE-2025-14361
CVE-2025-14361 affects the WordPress plugin AA-Team Woocommerce Envato Affiliates (
WordPress Xpro Elementor Addons - Pro plugin <= 1.4.7 - Pro <= 1.4.7 - Authenticated (Contributor+) Arbitrary File Read vulnerability
WordPress Xpro Elementor Addons - Pro plugin = 1.4.7 - Pro = 1.4.7 - Authenticated Contributor+ Arbitrary File Read vulnerability discovered by stealthcopter in WordPress Plugin Xpro Elementor Addons - Pro versions = 1.4.7...
WordPress MinhNhut Link Gateway plugin <= 3.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by san6051 - COFFSec in WordPress Plugin MinhNhut Link Gateway versions = 3.6.1...
WordPress myLinksDump plugin <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by san6051 - COFFSec in WordPress Plugin myLinksDump versions = 1.6...
WordPress rexCrawler plugin <= 1.0.15 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by san6051 - COFFSec in WordPress Plugin rexCrawler versions = 1.0.15...
CVE-2026-6895
The WishList Member plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Disclosure and Privilege Escalation in versions up to and including 3.30.1. This is due to the missing capability checks in the 'exportsettings' function. This function returns the RES...
CVE-2026-6419
The WishList Member plugin for WordPress is vulnerable to Privilege Escalation via Missing Authorization in versions up to and including 3.30.1. This is due to the missing capability and nonce check in the ajaxgetscreen function. This makes it possible for authenticated attackers, with...
CVE-2026-6897
The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\TeamAccounts::savesettings' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...
CVE-2026-25426 WordPress Taxi Booking Manager for WooCommerce plugin <= 2.0.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Magepeople inc. Taxi Booking Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Taxi Booking Manager for WooCommerce: from n/a through 2.0.1...
CVE-2026-25426 WordPress Taxi Booking Manager for WooCommerce plugin <= 2.0.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Magepeople inc. Taxi Booking Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Taxi Booking Manager for WooCommerce: from n/a through 2.0.1...
CVE-2026-25426
The CVE-2026-25426 entry concerns the WordPress plugin Taxi Booking Manager for WooCommerce (Magepeople) with versions up to 2.0.1 . The vulnerability is described as a Missing Authorization / Broken Access Control flaw caused by incorrectly configured access control security levels , enabling un...
CVE-2026-24520 WordPress Tiktok Feed plugin <= 1.0.24 - Broken Access Control vulnerability
Missing Authorization vulnerability in bPlugins Tiktok Feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tiktok Feed: from n/a through 1.0.24...
CVE-2026-24520
CVE-2026-24520 concerns the WordPress Tiktok Feed plugin with a Missing Authorization vulnerability leading to Broken Access Control. Affected: Tiktok Feed versions up to and including 1.0.24. Root cause: incorrectly configured access control, enabling exploitation of access levels. CVSS 3.1 base...
CVE-2026-24520 WordPress Tiktok Feed plugin <= 1.0.24 - Broken Access Control vulnerability
Missing Authorization vulnerability in bPlugins Tiktok Feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tiktok Feed: from n/a through 1.0.24...
WordPress Taxi Booking Manager for WooCommerce plugin <= 2.0.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Taxi Booking Manager for WooCommerce versions = 2.0.1...