Total
1567 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2548 | 1 Metagauss | 1 Registrationmagic | 2026-04-08 | 6.6 Medium |
| The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers, with administrator-level permissions and above, to change user passwords and potentially take over super-administrator accounts in multisite setup. | ||||
| CVE-2023-2173 | 1 Badgeos | 1 Badgeos | 2026-04-08 | 6.5 Medium |
| The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeos_delete_step_ajax_handler, badgeos_delete_award_step_ajax_handler, badgeos_delete_deduct_step_ajax_handler, and badgeos_delete_rank_req_step_ajax_handler functions. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts. | ||||
| CVE-2023-1889 | 1 Wpwax | 1 Directorist | 2026-04-08 | 6.5 Medium |
| The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listing_task function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts. Please note CVE-2023-35052 appears to be a duplicate of this issue. | ||||
| CVE-2023-0692 | 1 Wpmet | 1 Metform Elementor Contact Form Builder | 2026-04-08 | 4.3 Medium |
| The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_payment_status' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about the payment status of arbitrary form submissions. | ||||
| CVE-2023-0558 | 1 Contentstudio | 1 Contentstudio | 2026-04-08 | 8.2 High |
| The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to execute functions intended for use by users with proper API keys. | ||||
| CVE-2023-0550 | 1 Thingsforrestaurants | 1 Quick Restaurant Menu | 2026-04-08 | 8.1 High |
| The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu item. This makes it possible for authenticated attackers, with subscriber-level access or higher, to modify or delete arbitrary posts. | ||||
| CVE-2022-3995 | 1 Standalonetech | 1 Terawallet | 2026-04-08 | 4.3 Medium |
| The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lock_unlock_terawallet AJAX action. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to lock/unlock other users wallets. | ||||
| CVE-2022-3805 | 1 Jegtheme | 1 Jeg Elementor Kit | 2026-04-08 | 8.6 High |
| The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the MailChimp API key, global styles, 404 page settings, and enabled elements. | ||||
| CVE-2024-9637 | 2 Igexsolutions, Jdsofttech | 2 Wpschoolpress, School Management System | 2026-04-08 | 8.8 High |
| The School Management System – WPSchoolPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.10. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for authenticated attackers, with teacher-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account. | ||||
| CVE-2024-6410 | 1 Metagauss | 1 Profilegrid | 2026-04-08 | 4.3 Medium |
| The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.8.9 via the 'pm_upload_image' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the profile picture of any user. | ||||
| CVE-2024-4274 | 1 G5plus | 1 Essential Real Estate | 2026-04-08 | 4.3 Medium |
| The Essential Real Estate plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the remove_property_attachment_ajax() function in all versions up to, and including, 4.4.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary attachments. | ||||
| CVE-2024-2538 | 1 Permalink Manager Lite Project | 1 Permalink Manager Lite | 2026-04-08 | 5.4 Medium |
| The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_permalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author access and above, to modify the permalinks of arbitrary posts. | ||||
| CVE-2024-2346 | 1 Ninjateam | 1 Filebird | 2026-04-08 | 5.4 Medium |
| The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.3 via folder deletion due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with author access or higher, to delete folders created by other users and make their file uploads visible. CVE-2024-35166 may be a duplicate of this issue. | ||||
| CVE-2024-1640 | 1 Bitapps | 1 Contact Form Builder | 2026-04-08 | 5.3 Medium |
| The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form plugin for WordPress is vulnerable to unauthorized modification of data due to a insufficient user validation on the bitforms_update_form_entry AJAX action in all versions up to, and including, 2.10.1. This makes it possible for unauthenticated attackers to modify form submissions. | ||||
| CVE-2024-13832 | 1 Uncodethemes | 1 Ultra Addons Lite For Elementor | 2026-04-08 | 4.3 Medium |
| The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.8 via the 'ut_elementor' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to. | ||||
| CVE-2024-13719 | 2 Pepro, Wordpress | 2 Peprodev Ultimate Invoice, Wordpress | 2026-04-08 | 5.3 Medium |
| The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.9 via the invoicing viewer due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view invoices for completed orders which can contain PII of users. | ||||
| CVE-2024-12062 | 1 Nicheaddons | 1 Charity Addon For Elementor | 2026-04-08 | 4.3 Medium |
| The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.3 via the 'nacharity_elementor_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. | ||||
| CVE-2024-10696 | 1 Codeastrology | 1 Ultraaddons | 2026-04-08 | 4.3 Medium |
| The UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.8 via the show_template due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to expose the contents of draft, private, and pending posts. | ||||
| CVE-2023-6969 | 1 Kylebjohnson | 1 User Shortcodes Plus | 2026-04-08 | 4.3 Medium |
| The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the user_meta shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve potentially sensitive user meta. | ||||
| CVE-2023-2172 | 1 Badgeos | 1 Badgeos | 2026-04-08 | 4.3 Medium |
| The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeos_update_steps_ajax_handler, badgeos_update_award_steps_ajax_handler, badgeos_update_deduct_steps_ajax_handler, and badgeos_update_ranks_req_steps_ajax_handler functions. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to overwrite arbitrary post titles. | ||||