Filtered by vendor Smub
Subscriptions
Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2471 | 2 Smub, Wordpress | 2 Wp Mail Logging, Wordpress | 2026-03-02 | 7.5 High |
| The WP Mail Logging plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.15.0 via deserialization of untrusted input from the email log message field. This is due to the `BaseModel` class constructor calling `maybe_unserialize()` on all properties retrieved from the database without validation. This makes it possible for unauthenticated attackers to inject a PHP Object by submitting a double-serialized payload through any public-facing form that sends email (e.g., Contact Form 7). When the email is logged and subsequently viewed by an administrator, the malicious payload is deserialized into an arbitrary PHP object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. | ||||
| CVE-2025-14384 | 2 Smub, Wordpress | 2 All In One Seo, Wordpress | 2026-01-16 | 4.3 Medium |
| The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `/aioseo/v1/ai/credits` REST route in all versions up to, and including, 4.9.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to disclose the global AI access token. | ||||
| CVE-2025-14783 | 2 Smub, Wordpress | 2 Easy Digital Downloads, Wordpress | 2026-01-05 | 4.3 Medium |
| The Easy Digital Downloads plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.6.2. This is due to insufficient validation on the redirect url supplied via the 'edd_redirect' parameter. This makes it possible for unauthenticated attackers to redirect users with the password reset email to potentially malicious sites if they can successfully trick them into performing an action. | ||||
| CVE-2025-12377 | 2 Smub, Wordpress | 2 Gallery Plugin For Wordpress, Wordpress | 2025-12-19 | 4.3 Medium |
| The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.12.0. This makes it possible for authenticated attackers, with Author-level access and above, to perform multiple actions, such as removing images from arbitrary galleries. The vulnerability was partially patched in version 1.12.0. | ||||
| CVE-2025-13641 | 2 Smub, Wordpress | 2 Nextgen Gallery, Wordpress | 2025-12-19 | 8.8 High |
| The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.59.12 via the 'template' shortcode parameter. This is due to insufficient path validation that allows absolute paths to be provided. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server, bypassing web server restrictions like .htaccess. Successful exploitation could lead to information disclosure, code execution in the WordPress context, and potential remote code execution if combined with arbitrary file upload capabilities. | ||||
| CVE-2025-11893 | 2 Smub, Wordpress | 2 Charitable–donation Plugin For Wordpress, Wordpress | 2025-11-24 | 8.8 High |
| The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to SQL Injection via the donation_ids parameter in all versions up to, and including, 1.8.8.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Exploitation of the vulnerability requires a paid donation. | ||||
| CVE-2025-12847 | 2 Smub, Wordpress | 2 All In One Seo, Wordpress | 2025-11-18 | 4.3 Medium |
| The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to unauthorized arbitrary media attachment deletion due to a missing authorization check in all versions up to, and including, 4.8.9. This is due to the REST API endpoint `/wp-json/aioseo/v1/ai/image-generator` only verifying that users have the `edit_posts` capability (Contributors and above) without checking if they own or have permission to delete the specific media attachments. This makes it possible for authenticated attackers, with Contributor-level access and above, to permanently delete arbitrary media attachments by ID via the REST API, granted they can determine valid attachment IDs. | ||||
| CVE-2025-11448 | 2 Smub, Wordpress | 2 Gallery Plugin For Wordpress, Wordpress | 2025-11-12 | 4.3 Medium |
| The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/envira-convert/v1/bulk-convert' REST API endpoint in all versions up to, and including, 1.11.0. This makes it possible for authenticated attackers, with contributor-level access and above, to convert galleries to Envira galleries. | ||||
| CVE-2025-11271 | 2 Smub, Wordpress | 2 Easy Digital Downloads, Wordpress | 2025-11-06 | 5.3 Medium |
| The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification is unconditionally skipped when the POST body includes verification_override=1. Because this value is attacker-supplied, an unauthenticated actor can submit a forged IPN and have it treated as verified, even on production sites and with verification otherwise enabled. A valid PayPal transaction id is needed, restricting order manipulation to orders placed by the attacker. This, in turn, requires them to have a customer account. | ||||
Page 1 of 1.