The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.0. This is due to the get_single_ac
The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to unauthorized modification/deletion of data due to a missing capability check on the delete_single_a
The myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.9.7.1. This i
The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/devs-crm/v1/attendanc
The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 6.26.12. This is due to the plugi
The ONLYOFFICE Docs plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its oo.callback REST endpoint in versions 1.1.0 to 2.2.0. The plugin’s permission cal
The myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.9.7. This is
The Simple Membership plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.7.5. This is due to the plugin not properly verifying that a user is authorized
The Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6 to 2.3.8. This is due to the plugin not properly verifying a user's identity prior to logging them in t
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling
The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the get_email_log_details() AJAX handler in versions 1.0.17 to 1.3.6. The handler r
The TAX SERVICE Electronic HDM WordPress plugin before 1.2.1 does not authorization and CSRF checks in an AJAX action, allowing unauthenticated users to import and execute arbitrary SQL statements
The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated (Subscriber+) account takeover in all versions up to, and including, 5.26.0 via the eve
The WishList Member plugin for WordPress is vulnerable to Privilege Escalation via Missing Authorization in versions up to and including 3.30.1. This is due to the missing capability and nonce check i
The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeovr in all versions up to, and including, 4.7.1 via the updateUserInfo() due to missing validatio
The All in One Time Clock Lite plugin for WordPress is vulnerable to unauthorized access due to a missing authorization check in all versions up to, and including, 2.0.3. This is due to the plugin ex
The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_request() function in versions 1.0 to 2.2.7. This makes it possible for
Missing Authorization vulnerability in wp.insider Simple Membership simple-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Membership: from
The FundPress – WordPress Donation Plugin for WordPress is vulnerable to authorization bypass in versions up to and including 2.0.8. This is due to missing authorization and nonce verification in the
The Nari Accountant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via account settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and outpu
Page 1+ Next →