The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accoun
The Industrial theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the _ajax_get_total_content_import_item
The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is due to the 'add_menu' function is accessible via the 'rm_user_ex
The s2Member plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 260127. This is due to the plugin not properly validating a user's id
The WooCommerce Customers Manager plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_assign_new_roles() function in all versions up to, and includ
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'eh_crm_agent_add_user' AJAX action in all v
The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint that exposes the 'Bearer Token' value
The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not properly restricting the roles that users can regist
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginCreateUserAction() function in al
The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the get_email_log_details() AJAX handler in versions 1.0.17 to 1.3.6. The handler r
The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in versions 2.2.85 to 2.3.3. This is due to the plugin not properly restricting what user meta can be upda
The Users manager – PN plugin for WordPress is vulnerable to Privilege Escalation via Arbitrary User Meta Update in all versions up to and including 1.1.15. This is due to a flawed authorization logic
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.0 to 2.6.0. This is due to the plugin not properly validating a user's identit
The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capabili
The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.8. This is due to the plugin not properly validating a user's
The WPC Admin Columns plugin for WordPress is vulnerable to privilege escalation in versions 2.0.6 to 2.1.0. This is due to the plugin not properly restricting user meta values that can be updated thr
The Cryptocurrency Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle_optin_optout' function in al
The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to privilege escalation. This is due to the plugin not properly validating a user's identity prior to
The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover and privilege escalation in all versions up to, and including, 1.2.8. This is due to the 'generate_key
The RestroPress – Online Food Ordering System plugin for WordPress is vulnerable to Authentication Bypass in versions 3.0.0 to 3.1.9.2. This is due to the plugin exposing user private tokens and API d