2 matches found
CVE-2021-25032
The CVE concerns the WordPress plugins PublishPress Capabilities and PublishPress Capabilities Pro (versions before 2.3.1). The issue stems from missing authorization and CSRF checks when updating plugin settings via the init hook, and failure to validate that updated options belong to the plugin...
CVE-2022-3366
The CVE concerns the WordPress plugins PublishPress Capabilities (before 2.5.2) and PublishPress Capabilities Pro (before 2.5.2). The issue is a PHP object injection risk arising from unserializing the content of imported files in multisite configurations, as described in the CVE entry. Exploitat...