The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'handle_mofirebase_form_options' function in versions
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for t
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0. This is due to missing validation on the token being
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. This is due to the plugin providing user-con
The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.1.1. This is due to the `firebase_auth()` function authenticat
The Realty Portal – Agent plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the rp_user_profile() AJAX handler in versions 0.1.0 through 0.3.9. The handler
The Offsprout Page Builder plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization placed on the permission_callback() function in versions 2.2.1 to 2.15.2. This makes
The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the suc_submit_capabilities() function in all versions up to, and including
The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is due to the 'add_menu' function is accessible via the 'rm_user_ex
The WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass due to insufficient empty value checking in the lwp_ajax_register function in
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the
The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfr_registration() function in all versions up to, and in
The Integrate Firebase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'firebase_show' shortcode in all versions up to, and including, 0.9.3 due to insufficient inpu
The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the `l
The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2. This is due to the plugin not restricting what user meta can be updated as scr
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.20. This is due to the `rcp_setup_registration_init()` fun
The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the
The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in versions 2.2.85 to 2.3.3. This is due to the plugin not properly restricting what user meta can be upda
The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. This is due to a lack of validation and missing capability check on
The OTP-less one tap Sign in plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.14 to 2.0.59. This is due to the plugin not properly validating a user's id
Page 1+ Next →