Missing Authorization

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

By Your WP Guy / Oct 31, 2025

Plugin Name: SiteSEO – SEO Simplified Key Information: Software Type: Plugin Software Slug: siteseo Software Status: Active Software Author: softaculous Software Downloads: 976,564 Active Installs: 400,000 Last Updated: November 1, 2025 Patched Versions: 1.3.2 Affected Versions: ≤ 1.3.1 Vulnerability Details: Name: SiteSEO – SEO Simplified ≤ 1.3.1 – Missing Authorization to Authenticated (Author+) Plugin Settings Update Type: Missing Authorization CVE: CVE-2025-12367 CVSS Score: 4.3 (Medium) Publicly Published:…

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

By Your WP Guy / Oct 31, 2025

Plugin Name: Qi Blocks Key Information: Software Type: Plugin Software Slug: qi-blocks Software Status: Active Software Author: qodeinteractive Software Downloads: 648,392 Active Installs: 60,000 Last Updated: October 2025 Patched Versions: 1.4.4 Affected Versions: ≤ 1.4.3 Vulnerability Details: Name: Qi Blocks ≤ 1.4.3 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2025-12180 CVSS Score: 4.3 Publicly Published: October 31, 2025 Researcher: Adrian Lukita Description: The Qi Blocks plugin for WordPress is vulnerable to Missing Authorization in…

Tutor LMS Vulnerability – Multiple Vulnerabilities – CVE-2024-4279, CVE-2024-4318, CVE-2024-4223 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 15, 2024

Plugin Name: Tutor LMS Key Information: Software Type: Plugin Software Slug: tutor Software Status: Active Software Author: themeum Software Downloads: 2,095,500 Active Installs: 80,000 Last Updated: May 15, 2024 Patched Versions: 2.7.1 Affected Versions: <= 2.7.0 Vulnerability 1 Details: Name: Tutor LMS – eLearning and online course solution <= 2.7.0 – Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion Title: Authenticated (Instructor+) Insecure…

White Label CMS Vulnerability – Missing Authorization to Plugin Settings Reset – CVE-2024-4280 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 9, 2024

Plugin Name: White Label CMS Key Information: Software Type: Plugin Software Slug: white-label-cms Software Status: Active Software Author: videousermanuals Software Downloads: 3,439,358 Active Installs: 200,000 Last Updated: May 9, 2024 Patched Versions: 2.7.4 Affected Versions: <= 2.7.3 Vulnerability Details: Name: White Label CMS <= 2.7.3 – Missing Authorization to Plugin Settings Reset Type: Missing Authorization…

Redirection Vulnerability – Missing Authorization – CVE-2024-31435 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Apr 10, 2024

Plugin Name: Redirection Key Information: Software Type: Plugin Software Slug: redirect-redirection Software Status: Active Software Author: inisev Software Downloads: 329,941 Active Installs: 60,000 Last Updated: April 22, 2024 Patched Versions: 1.2.0 Affected Versions: <= 1.1.9 Vulnerability Details: Name: Inisev Analyst Module <= 1.1.9 Title: Missing Authorization Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2024-31435 CVSS Score: 4.3 Publicly Published:…

Event Tickets and Registration Vulnerability – Missing Authorization – CVE-2024-1053 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 21, 2024

Plugin Name: Event Tickets and Registration Key Information: Software Type: Plugin Software Slug: event-tickets Software Status: Active Software Author: theeventscalendar Software Downloads: 3,388,630 Active Installs: 80,000 Last Updated: February 21, 2024 Patched Versions: 5.8.2 Affected Versions: <= 5.8.1 Vulnerability Details: Name: Event Tickets and Registration <= 5.8.1 – Missing Authorization Title: Missing Authorization Type: Improper Access Control CVE: CVE-2024-1053 CVSS Score: 4.3 (Medium) Publicly Published: February 21, 2024 Researcher: Muhammad Daffa…

WordPress Plugin Vulnerability Report – Slider – Missing Authorization via AJAX action

By Your WP Guy / Nov 16, 2023

Plugin Name: Slider – Ultimate Responsive Image Slider Key Information: Software Type: Plugin Software Slug: ultimate-responsive-image-slider Software Status: Active Software Author: farazfrank Software Downloads: 1,338,384 Active Installs: 40,000 Last Updated: November 16, 2023 Patched Versions: 3.5.12 Affected Versions: <= 3.5.11 Vulnerability Details: Name: Ultimate Responsive Image Slider <= 3.5.11 – Missing Authorization via AJAX action Title: Missing Authorization via AJAX action Type: Missing Authorization CVSS Score: 4.3 (Medium)…

WordPress Plugin Vulnerability Report: Duplicate Post Page Menu & Custom Post Type – Missing Authorization to Post Duplication – CVE-2023-4792

By Your WP Guy / Sep 8, 2023

Plugin Name: Duplicate Post Page Menu & Custom Post Type Key Information: Software Type: Plugin Software Slug: duplicate-post-page-menu-custom-post-type Software Status: Removed Software Author: inqsys Software Downloads: 300,152 Active Installs: 30,000 Last Updated: September 7, 2023 Patched Versions: 2.4.0 Affected Versions: <=2.3.1 Vulnerability Details: Name: Duplicate Post Page Menu & Custom Post Type <= 2.3.1 –…