Refine your search
113 vulnerabilities found for by StellarWP
CVE-2026-2826 (GCVE-0-2026-2826)
Vulnerability from cvelistv5
Published
2026-04-04 08:25
Modified
2026-04-08 16:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user has the `upload_files` capability in the `process_pattern` REST API endpoint. This makes it possible for authenticated attackers, with contributor level access and above, to upload images to the WordPress Media Library by supplying remote image URLs that the server downloads and creates as media attachments.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor |
Version: 0 ≤ 3.6.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2826",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T13:20:14.362434Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T13:20:25.336Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Kadence Blocks \u2014 Page Builder Toolkit for Gutenberg Editor",
"vendor": "stellarwp",
"versions": [
{
"lessThanOrEqual": "3.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lukasz Sobanski"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Kadence Blocks \u2014 Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user has the `upload_files` capability in the `process_pattern` REST API endpoint. This makes it possible for authenticated attackers, with contributor level access and above, to upload images to the WordPress Media Library by supplying remote image URLs that the server downloads and creates as media attachments."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:56:25.154Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5f91df7e-5d9d-4a3a-9afc-d771106a0be6?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.6.4/includes/class-kadence-blocks-prebuilt-library-rest-api.php#L1224"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-10T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2026-02-19T18:33:52.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-04-03T19:45:52.000Z",
"value": "Disclosed"
}
],
"title": "Kadence Blocks \u2014 Page Builder Toolkit for Gutenberg Editor \u003c= 3.6.3 - Missing Authorization to Authenticated (Contributor+) Media Upload"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-2826",
"datePublished": "2026-04-04T08:25:19.800Z",
"dateReserved": "2026-02-19T18:16:42.416Z",
"dateUpdated": "2026-04-08T16:56:25.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32546 (GCVE-0-2026-32546)
Vulnerability from cvelistv5
Published
2026-03-25 16:15
Modified
2026-03-25 19:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
Missing Authorization vulnerability in StellarWP Restrict Content restrict-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restrict Content: from n/a through <= 3.2.22.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| StellarWP | Restrict Content |
Version: n/a < |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-32546",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T19:25:03.607536Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T19:25:26.082Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "restrict-content",
"product": "Restrict Content",
"vendor": "StellarWP",
"versions": [
{
"changes": [
{
"at": "3.2.23",
"status": "unaffected"
}
],
"lessThanOrEqual": "\u003c= 3.2.22",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nguyen Ba Khanh | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-03-25T17:12:43.505Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in StellarWP Restrict Content restrict-content allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Restrict Content: from n/a through \u003c= 3.2.22.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in StellarWP Restrict Content restrict-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restrict Content: from n/a through \u003c= 3.2.22."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T16:15:12.093Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/restrict-content/vulnerability/wordpress-restrict-content-plugin-3-2-22-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress Restrict Content plugin \u003c= 3.2.22 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-32546",
"datePublished": "2026-03-25T16:15:12.093Z",
"dateReserved": "2026-03-12T11:12:34.193Z",
"dateUpdated": "2026-03-25T19:25:26.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3079 (GCVE-0-2026-3079)
Vulnerability from cvelistv5
Published
2026-03-24 01:25
Modified
2026-04-08 16:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'filters[orderby_order]' parameter in the 'learndash_propanel_template' AJAX action in all versions up to, and including, 5.0.3. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| StellarWP | LearnDash LMS |
Version: 0 ≤ 5.0.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3079",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-24T13:55:07.720783Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T13:56:05.746Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LearnDash LMS",
"vendor": "StellarWP",
"versions": [
{
"lessThanOrEqual": "5.0.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Osvaldo Noe Gonzalez Del Rio"
}
],
"descriptions": [
{
"lang": "en",
"value": "The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the \u0027filters[orderby_order]\u0027 parameter in the \u0027learndash_propanel_template\u0027 AJAX action in all versions up to, and including, 5.0.3. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:43:20.936Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/29a560fa-03bf-435c-85da-68397deab2a6?source=cve"
},
{
"url": "http://www.learndash.com/"
},
{
"url": "https://plugins.trac.wordpress.org/browser/sfwd-lms/trunk/includes/ld-reports.php#L1233"
},
{
"url": "https://plugins.trac.wordpress.org/browser/sfwd-lms/trunk/includes/reports/includes/class-ld-propanel-base-widget.php#L149"
},
{
"url": "https://plugins.trac.wordpress.org/browser/sfwd-lms/trunk/includes/reports/includes/class-ld-propanel-activity.php#L338"
},
{
"url": "https://plugins.trac.wordpress.org/browser/sfwd-lms/trunk/includes/reports/includes/gutenberg/lib/enqueue-scripts.php#L51"
},
{
"url": "https://www.learndash.com/changelog/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-10T16:30:07.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-03-23T12:12:23.000Z",
"value": "Disclosed"
}
],
"title": "LearnDash LMS \u003c= 5.0.3 - Authenticated (Contributor+) SQL Injection via \u0027filters[orderby_order]\u0027 Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-3079",
"datePublished": "2026-03-24T01:25:21.251Z",
"dateReserved": "2026-02-23T21:17:19.700Z",
"dateUpdated": "2026-04-08T16:43:20.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4136 (GCVE-0-2026-4136)
Vulnerability from cvelistv5
Published
2026-03-20 03:37
Modified
2026-04-08 17:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
Summary
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.2.24. This is due to insufficient validation on the redirect url supplied via the 'rcp_redirect' parameter. This makes it possible for unauthenticated attackers to redirect users with the password reset email to potentially malicious sites if they can successfully trick them into performing an action.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| stellarwp | Membership Plugin – Restrict Content |
Version: 0 ≤ 3.2.24 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4136",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-20T14:09:43.372951Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T14:09:53.635Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Membership Plugin \u2013 Restrict Content",
"vendor": "stellarwp",
"versions": [
{
"lessThanOrEqual": "3.2.24",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Supakiad S."
}
],
"descriptions": [
{
"lang": "en",
"value": "The Membership Plugin \u2013 Restrict Content plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.2.24. This is due to insufficient validation on the redirect url supplied via the \u0027rcp_redirect\u0027 parameter. This makes it possible for unauthenticated attackers to redirect users with the password reset email to potentially malicious sites if they can successfully trick them into performing an action."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:29:42.603Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e4cf42d3-9864-440b-8357-36c82cbef28f?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.24/core/includes/login-functions.php#L270"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3486071/restrict-content"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-13T15:06:37.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-03-19T14:37:52.000Z",
"value": "Disclosed"
}
],
"title": "Membership Plugin \u2013 Restrict Content \u003c= 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcp_redirect"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-4136",
"datePublished": "2026-03-20T03:37:02.684Z",
"dateReserved": "2026-03-13T14:50:43.889Z",
"dateUpdated": "2026-04-08T17:29:42.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3585 (GCVE-0-2026-3585)
Vulnerability from cvelistv5
Published
2026-03-10 03:33
Modified
2026-04-08 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
The The Events Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.15.17 via the 'ajax_create_import' function. This makes it possible for authenticated attackers, with Author-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| stellarwp | The Events Calendar |
Version: 0 ≤ 6.15.17 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3585",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T15:58:02.895839Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T16:52:12.165Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "The Events Calendar",
"vendor": "stellarwp",
"versions": [
{
"lessThanOrEqual": "6.15.17",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
}
],
"descriptions": [
{
"lang": "en",
"value": "The The Events Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.15.17 via the \u0027ajax_create_import\u0027 function. This makes it possible for authenticated attackers, with Author-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:09:33.116Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/92e404ab-fe2b-45b3-b8ff-672f7888b747?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/the-events-calendar/tags/6.15.17/src/Tribe/Aggregator/Tabs/New.php#L466"
},
{
"url": "https://research.cleantalk.org/cve-2026-3585/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-05T06:32:14.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-03-09T14:40:15.000Z",
"value": "Disclosed"
}
],
"title": "The Events Calendar \u003c= 6.15.17 - Authenticated (Author+) Arbitrary File Read via ajax_create_import"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-3585",
"datePublished": "2026-03-10T03:33:51.369Z",
"dateReserved": "2026-03-05T06:16:21.181Z",
"dateUpdated": "2026-04-08T17:09:33.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1321 (GCVE-0-2026-1321)
Vulnerability from cvelistv5
Published
2026-03-05 07:30
Modified
2026-04-08 17:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.20. This is due to the `rcp_setup_registration_init()` function accepting any membership level ID via the `rcp_level` POST parameter without validating that the level is active or that payment is required. Combined with the `add_user_role()` method which assigns the WordPress role configured on the membership level without status checks, this makes it possible for unauthenticated attackers to register with any membership level, including inactive levels that grant privileged WordPress roles such as Administrator, or paid levels that charge a sign-up fee. The vulnerability was partially patched in version 3.2.18.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| stellarwp | Membership Plugin – Restrict Content |
Version: 0 ≤ 3.2.20 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T14:54:54.966669Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T14:55:02.301Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Membership Plugin \u2013 Restrict Content",
"vendor": "stellarwp",
"versions": [
{
"lessThanOrEqual": "3.2.20",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Angus Girvan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Membership Plugin \u2013 Restrict Content plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.20. This is due to the `rcp_setup_registration_init()` function accepting any membership level ID via the `rcp_level` POST parameter without validating that the level is active or that payment is required. Combined with the `add_user_role()` method which assigns the WordPress role configured on the membership level without status checks, this makes it possible for unauthenticated attackers to register with any membership level, including inactive levels that grant privileged WordPress roles such as Administrator, or paid levels that charge a sign-up fee. The vulnerability was partially patched in version 3.2.18."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:14:45.884Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/abfaa4a6-92b0-4233-b08d-e668090d3fc2?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.15/core/includes/registration-functions.php#L1191"
},
{
"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.15/core/includes/registration-functions.php#L1203"
},
{
"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.15/core/includes/class-rcp-registration.php#L107"
},
{
"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.15/core/includes/memberships/class-rcp-membership.php#L1939"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3447187/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3460177/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-22T01:37:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-03-04T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Membership Plugin \u2013 Restrict Content \u003c= 3.2.20 - Unauthenticated Privilege Escalation via \u0027rcp_level\u0027"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-1321",
"datePublished": "2026-03-05T07:30:55.675Z",
"dateReserved": "2026-01-22T01:21:39.470Z",
"dateUpdated": "2026-04-08T17:14:45.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2694 (GCVE-0-2026-2694)
Vulnerability from cvelistv5
Published
2026-02-25 21:25
Modified
2026-04-08 16:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-285 - Improper Authorization
Summary
The The Events Calendar plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to an improper capability check on the 'can_edit' and 'can_delete' function in all versions up to, and including, 6.15.16. This makes it possible for authenticated attackers, with Contributor-level access and above, to update or trash events, organizers and venues via REST API.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| stellarwp | The Events Calendar |
Version: 0 ≤ 6.15.16 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2694",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T21:40:14.401017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T21:40:41.317Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "The Events Calendar",
"vendor": "stellarwp",
"versions": [
{
"lessThanOrEqual": "6.15.16",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "M Indra Purnama"
}
],
"descriptions": [
{
"lang": "en",
"value": "The The Events Calendar plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to an improper capability check on the \u0027can_edit\u0027 and \u0027can_delete\u0027 function in all versions up to, and including, 6.15.16. This makes it possible for authenticated attackers, with Contributor-level access and above, to update or trash events, organizers and venues via REST API."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:58:09.763Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/67351a37-a457-48d6-b40a-95a7e3a0d746?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/the-events-calendar/tags/6.15.16/src/Tribe/REST/V1/Endpoints/Single_Event.php#L563"
},
{
"url": "https://plugins.trac.wordpress.org/browser/the-events-calendar/tags/6.15.16/src/Tribe/REST/V1/Endpoints/Single_Event.php#L498"
},
{
"url": "https://plugins.trac.wordpress.org/browser/the-events-calendar/tags/6.15.16/src/Tribe/REST/V1/Endpoints/Single_Venue.php#L583"
},
{
"url": "https://plugins.trac.wordpress.org/browser/the-events-calendar/tags/6.15.16/src/Tribe/REST/V1/Endpoints/Single_Venue.php#L529"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3468694/the-events-calendar"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-18T14:43:58.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-02-25T08:50:45.000Z",
"value": "Disclosed"
}
],
"title": "The Events Calendar \u003c= 6.15.16 - Improper Authorization to Authenticated (Contributor+) Event/Organizer/Venue Update/Trash via REST API"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-2694",
"datePublished": "2026-02-25T21:25:02.211Z",
"dateReserved": "2026-02-18T14:27:32.253Z",
"dateUpdated": "2026-04-08T16:58:09.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27056 (GCVE-0-2026-27056)
Vulnerability from cvelistv5
Published
2026-02-19 08:20
Modified
2026-04-01 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through <= 3.2.8.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| StellarWP | iThemes Sync |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-27056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-19T21:38:14.230623Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T21:39:14.651Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "ithemes-sync",
"product": "iThemes Sync",
"vendor": "StellarWP",
"versions": [
{
"changes": [
{
"at": "3.2.9",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.2.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "theviper17 | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:05:11.689Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects iThemes Sync: from n/a through \u003c= 3.2.8.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through \u003c= 3.2.8."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T14:15:00.758Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/ithemes-sync/vulnerability/wordpress-ithemes-sync-plugin-3-2-8-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress iThemes Sync plugin \u003c= 3.2.8 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-27056",
"datePublished": "2026-02-19T08:20:33.197Z",
"dateReserved": "2026-02-17T13:23:30.505Z",
"dateUpdated": "2026-04-01T14:15:00.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2633 (GCVE-0-2026-2633)
Vulnerability from cvelistv5
Published
2026-02-18 06:42
Modified
2026-04-08 17:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the `process_image_data_ajax_callback()` function which handles the `kadence_import_process_image_data` AJAX action. The function's authorization check via `verify_ajax_call()` only validates `edit_posts` capability but fails to check for the `upload_files` capability. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary images from remote URLs to the WordPress Media Library, bypassing the standard WordPress capability restriction that prevents Contributors from uploading files.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor |
Version: 0 ≤ 3.6.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2633",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T14:19:51.901936Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T14:20:06.984Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Kadence Blocks \u2014 Page Builder Toolkit for Gutenberg Editor",
"vendor": "stellarwp",
"versions": [
{
"lessThanOrEqual": "3.6.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ali S\u00fcnb\u00fcl"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the `process_image_data_ajax_callback()` function which handles the `kadence_import_process_image_data` AJAX action. The function\u0027s authorization check via `verify_ajax_call()` only validates `edit_posts` capability but fails to check for the `upload_files` capability. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary images from remote URLs to the WordPress Media Library, bypassing the standard WordPress capability restriction that prevents Contributors from uploading files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:11:22.271Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9c06e0a9-a13a-4cee-a1a5-c43c114b2dbf?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.5.32/includes/class-kadence-blocks-prebuilt-library.php#L789"
},
{
"url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.5.32/includes/class-kadence-blocks-prebuilt-library.php#L1177"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3454881%40kadence-blocks%2Ftrunk\u0026old=3453204%40kadence-blocks%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-03T19:20:21.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-02-17T17:43:19.000Z",
"value": "Disclosed"
}
],
"title": "Gutenberg Blocks with AI by Kadence WP \u003c= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-2633",
"datePublished": "2026-02-18T06:42:42.888Z",
"dateReserved": "2026-02-17T17:42:46.510Z",
"dateUpdated": "2026-04-08T17:11:22.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1857 (GCVE-0-2026-1857)
Vulnerability from cvelistv5
Published
2026-02-18 06:42
Modified
2026-04-08 16:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.6.1. This is due to insufficient validation of the `endpoint` parameter in the `get_items()` function of the GetResponse REST API handler. The endpoint's permission check only requires `edit_posts` capability (Contributor role) rather than `manage_options` (Administrator). This makes it possible for authenticated attackers, with Contributor-level access and above, to make server-side requests to arbitrary endpoints on the configured GetResponse API server, retrieving sensitive data such as contacts, campaigns, and mailing lists using the site's stored API credentials. The stored API key is also leaked in the request headers.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor |
Version: 0 ≤ 3.6.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1857",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T20:26:31.259507Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T20:26:38.417Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Kadence Blocks \u2014 Page Builder Toolkit for Gutenberg Editor",
"vendor": "stellarwp",
"versions": [
{
"lessThanOrEqual": "3.6.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ali S\u00fcnb\u00fcl"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.6.1. This is due to insufficient validation of the `endpoint` parameter in the `get_items()` function of the GetResponse REST API handler. The endpoint\u0027s permission check only requires `edit_posts` capability (Contributor role) rather than `manage_options` (Administrator). This makes it possible for authenticated attackers, with Contributor-level access and above, to make server-side requests to arbitrary endpoints on the configured GetResponse API server, retrieving sensitive data such as contacts, campaigns, and mailing lists using the site\u0027s stored API credentials. The stored API key is also leaked in the request headers."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:44:27.779Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2ea8d38a-f5ce-40dd-a015-f56d60579e05?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.5.32/includes/advanced-form/getresponse-rest-api.php#L77"
},
{
"url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.5.32/includes/advanced-form/getresponse-rest-api.php#L57"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3454881%40kadence-blocks%2Ftrunk\u0026old=3453204%40kadence-blocks%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-03T19:19:15.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-02-17T17:38:45.000Z",
"value": "Disclosed"
}
],
"title": "Gutenberg Blocks with AI by Kadence WP \u003c= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery via \u0027endpoint\u0027 Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-1857",
"datePublished": "2026-02-18T06:42:40.144Z",
"dateReserved": "2026-02-03T19:00:13.022Z",
"dateUpdated": "2026-04-08T16:44:27.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1304 (GCVE-0-2026-1304)
Vulnerability from cvelistv5
Published
2026-02-18 05:29
Modified
2026-04-08 17:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
The Membership Plugin – Restrict Content for WordPress is vulnerable to Stored Cross-Site Scripting via multiple invoice settings fields in all versions up to, and including, 3.2.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| stellarwp | Membership Plugin – Restrict Content |
Version: 0 ≤ 3.2.18 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1304",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T12:25:11.558229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T12:52:47.695Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Membership Plugin \u2013 Restrict Content",
"vendor": "stellarwp",
"versions": [
{
"lessThanOrEqual": "3.2.18",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Miguel Santareno"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Membership Plugin \u2013 Restrict Content for WordPress is vulnerable to Stored Cross-Site Scripting via multiple invoice settings fields in all versions up to, and including, 3.2.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:24:15.096Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cdd563b7-a1b9-4d99-9a6e-c8acf9dda619?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/admin/settings/settings.php#L896"
},
{
"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/admin/settings/settings.php#L905"
},
{
"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/admin/settings/settings.php#L914"
},
{
"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/admin/settings/settings.php#L923"
},
{
"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/admin/settings/settings.php#L932"
},
{
"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/admin/settings/settings.php#L941"
},
{
"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/admin/settings/settings.php#L950"
},
{
"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/admin/settings/settings.php#L971"
},
{
"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/templates/invoice.php#L271"
},
{
"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/templates/invoice.php#L281"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3448964%40restrict-content\u0026new=3448964%40restrict-content\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-21T19:17:48.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-02-17T17:14:49.000Z",
"value": "Disclosed"
}
],
"title": "Membership Plugin \u2013 Restrict Content \u003c= 3.2.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Invoice Settings"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-1304",
"datePublished": "2026-02-18T05:29:18.540Z",
"dateReserved": "2026-01-21T19:02:37.312Z",
"dateUpdated": "2026-04-08T17:24:15.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2608 (GCVE-0-2026-2608)
Vulnerability from cvelistv5
Published
2026-02-17 11:20
Modified
2026-04-08 16:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor |
Version: 0 ≤ 3.5.32 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2608",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:28:09.887675Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:28:19.816Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Kadence Blocks \u2014 Page Builder Toolkit for Gutenberg Editor",
"vendor": "stellarwp",
"versions": [
{
"lessThanOrEqual": "3.5.32",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "JohSka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Kadence Blocks \u2014 Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:33:30.973Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/05dd1686-76e3-498b-80b8-c4befc545fc8?source=cve"
},
{
"url": "https://vdp.patchstack.com/database/wordpress/plugin/kadence-blocks/vulnerability/wordpress-gutenberg-blocks-with-ai-by-kadence-wp-plugin-3-5-32-incorrect-authorization-to-authenticated-contributor-post-publication-vulnerability"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?old_path=/kadence-blocks/tags/3.5.32\u0026new_path=/kadence-blocks/tags/3.6.0\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-16T22:38:23.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-02-11T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Gutenberg Blocks by Kadence Blocks \u003c= 3.5.32 - Missing Authorization"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-2608",
"datePublished": "2026-02-17T11:20:37.133Z",
"dateReserved": "2026-02-16T22:23:22.829Z",
"dateUpdated": "2026-04-08T16:33:30.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15043 (GCVE-0-2025-15043)
Vulnerability from cvelistv5
Published
2026-01-20 14:26
Modified
2026-04-08 16:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'start_migration', 'cancel_migration', and 'revert_migration' functions in all versions up to, and including, 6.15.13. This makes it possible for authenticated attackers, with subscriber level access and above, to start, cancel, or revert the Custom Tables V1 database migration, including dropping the custom database tables entirely via the revert action.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| stellarwp | The Events Calendar |
Version: 0 ≤ 6.15.13 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15043",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T14:50:51.973166Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T14:51:12.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "The Events Calendar",
"vendor": "stellarwp",
"versions": [
{
"lessThanOrEqual": "6.15.13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "M Indra Purnama"
}
],
"descriptions": [
{
"lang": "en",
"value": "The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the \u0027start_migration\u0027, \u0027cancel_migration\u0027, and \u0027revert_migration\u0027 functions in all versions up to, and including, 6.15.13. This makes it possible for authenticated attackers, with subscriber level access and above, to start, cancel, or revert the Custom Tables V1 database migration, including dropping the custom database tables entirely via the revert action."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:45:45.352Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/346a5b00-fb76-4413-a935-a2df4dc51984?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?old_path=/the-events-calendar/tags/6.15.13\u0026new_path=/the-events-calendar/tags/6.15.13.1"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-19T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-12-23T13:55:07.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-01-20T01:45:16.000Z",
"value": "Disclosed"
}
],
"title": "The Events Calendar \u003c= 6.15.13 - Missing Authorization to Authenticated (Subscriber+) Data Migration Control"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-15043",
"datePublished": "2026-01-20T14:26:32.694Z",
"dateReserved": "2025-12-23T13:25:41.567Z",
"dateUpdated": "2026-04-08T16:45:45.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14844 (GCVE-0-2025-14844)
Vulnerability from cvelistv5
Published
2026-01-16 09:23
Modified
2026-04-08 16:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Summary
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 3.2.16 via the 'rcp_stripe_create_setup_intent_for_saved_card' function due to missing capability check. Additionally, the plugin does not check a user-controlled key, which makes it possible for unauthenticated attackers to leak Stripe SetupIntent client_secret values for any membership.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| stellarwp | Membership Plugin – Restrict Content |
Version: 0 ≤ 3.2.16 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14844",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T12:48:39.518455Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T12:50:27.771Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Membership Plugin \u2013 Restrict Content",
"vendor": "stellarwp",
"versions": [
{
"lessThanOrEqual": "3.2.16",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "andrea bocchetti"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Membership Plugin \u2013 Restrict Content plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 3.2.16 via the \u0027rcp_stripe_create_setup_intent_for_saved_card\u0027 function due to missing capability check. Additionally, the plugin does not check a user-controlled key, which makes it possible for unauthenticated attackers to leak Stripe SetupIntent client_secret values for any membership."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:35:02.041Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0c28545d-c7cd-469f-bccf-90e8b52fd4e7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/gateways/stripe/functions.php#L848"
},
{
"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/gateways/stripe/functions.php#L987"
},
{
"url": "https://docs.stripe.com/api/setup_intents/object"
},
{
"url": "https://cwe.mitre.org/data/definitions/639.html"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3438168/restrict-content/tags/3.2.17/core/includes/gateways/stripe/functions.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-17T18:50:59.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-01-15T20:39:14.000Z",
"value": "Disclosed"
}
],
"title": "Membership Plugin \u2013 Restrict Content \u003c= 3.2.16 - Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-14844",
"datePublished": "2026-01-16T09:23:46.932Z",
"dateReserved": "2025-12-17T18:34:48.898Z",
"dateUpdated": "2026-04-08T16:35:02.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-69352 (GCVE-0-2025-69352)
Vulnerability from cvelistv5
Published
2026-01-06 16:36
Modified
2026-04-01 14:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
Missing Authorization vulnerability in StellarWP The Events Calendar the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar: from n/a through <= 6.15.12.2.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| StellarWP | The Events Calendar |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-69352",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T19:54:23.651649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T19:55:08.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "the-events-calendar",
"product": "The Events Calendar",
"vendor": "StellarWP",
"versions": [
{
"changes": [
{
"at": "6.15.13",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.15.12.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Phat RiO | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:04:04.104Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in StellarWP The Events Calendar the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects The Events Calendar: from n/a through \u003c= 6.15.12.2.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in StellarWP The Events Calendar the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar: from n/a through \u003c= 6.15.12.2."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T14:13:20.811Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/the-events-calendar/vulnerability/wordpress-the-events-calendar-plugin-6-15-12-2-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress The Events Calendar plugin \u003c= 6.15.12.2 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-69352",
"datePublished": "2026-01-06T16:36:40.651Z",
"dateReserved": "2025-12-31T20:12:32.244Z",
"dateUpdated": "2026-04-01T14:13:20.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14000 (GCVE-0-2025-14000)
Vulnerability from cvelistv5
Published
2025-12-23 11:13
Modified
2026-04-08 16:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'register_form' and 'restrict' shortcodes in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| stellarwp | Membership Plugin – Restrict Content |
Version: 0 ≤ 3.2.15 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14000",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-23T15:23:04.311002Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-23T15:23:10.659Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Membership Plugin \u2013 Restrict Content",
"vendor": "stellarwp",
"versions": [
{
"lessThanOrEqual": "3.2.15",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Muhammad Yudha - DJ"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Membership Plugin \u2013 Restrict Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s \u0027register_form\u0027 and \u0027restrict\u0027 shortcodes in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:34:51.255Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0b6a84d7-9e77-4a2f-b065-872e8650e75e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.15/core/includes/shortcodes.php#L26"
},
{
"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.15/core/includes/shortcodes.php#L135"
},
{
"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.15/core/includes/member-forms.php#L126"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3420370/restrict-content/trunk/core/includes/member-forms.php?old=2642097\u0026old_path=restrict-content%2Ftrunk%2Fcore%2Fincludes%2Fmember-forms.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3420370/restrict-content/trunk/core/includes/shortcodes.php?old=2850120\u0026old_path=restrict-content%2Ftrunk%2Fcore%2Fincludes%2Fshortcodes.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T00:18:41.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-22T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Membership Plugin \u2013 Restrict Content \u003c= 3.2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-14000",
"datePublished": "2025-12-23T11:13:48.778Z",
"dateReserved": "2025-12-04T00:01:31.299Z",
"dateUpdated": "2026-04-08T16:34:51.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-67467 (GCVE-0-2025-67467)
Vulnerability from cvelistv5
Published
2025-12-09 15:03
Modified
2026-04-01 14:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
Cross-Site Request Forgery (CSRF) vulnerability in StellarWP GiveWP give allows Cross Site Request Forgery.This issue affects GiveWP: from n/a through <= 4.13.1.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-67467",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T15:33:51.660836Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T16:34:02.791Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "give",
"product": "GiveWP",
"vendor": "StellarWP",
"versions": [
{
"changes": [
{
"at": "4.13.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.13.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "mcdruid | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:01:25.314Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in StellarWP GiveWP give allows Cross Site Request Forgery.\u003cp\u003eThis issue affects GiveWP: from n/a through \u003c= 4.13.1.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in StellarWP GiveWP give allows Cross Site Request Forgery.This issue affects GiveWP: from n/a through \u003c= 4.13.1."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T14:10:57.485Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/give/vulnerability/wordpress-givewp-plugin-4-13-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "WordPress GiveWP plugin \u003c= 4.13.1 - Cross Site Request Forgery (CSRF) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-67467",
"datePublished": "2025-12-09T15:03:54.450Z",
"dateReserved": "2025-12-08T16:00:53.489Z",
"dateUpdated": "2026-04-01T14:10:57.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66533 (GCVE-0-2025-66533)
Vulnerability from cvelistv5
Published
2025-12-09 15:03
Modified
2026-04-01 14:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
Improper Control of Generation of Code ('Code Injection') vulnerability in StellarWP GiveWP give allows Code Injection.This issue affects GiveWP: from n/a through <= 4.13.1.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-66533",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T15:41:35.298680Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T16:34:27.250Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "give",
"product": "GiveWP",
"vendor": "StellarWP",
"versions": [
{
"changes": [
{
"at": "4.13.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.13.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kishan Vyas | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:01:25.099Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in StellarWP GiveWP give allows Code Injection.\u003cp\u003eThis issue affects GiveWP: from n/a through \u003c= 4.13.1.\u003c/p\u003e"
}
],
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in StellarWP GiveWP give allows Code Injection.This issue affects GiveWP: from n/a through \u003c= 4.13.1."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "Code Injection"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T14:10:56.738Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/give/vulnerability/wordpress-givewp-plugin-4-13-1-arbitrary-shortocde-execution-vulnerability?_s_id=cve"
}
],
"title": "WordPress GiveWP plugin \u003c= 4.13.1 - Arbitrary Shortocde Execution vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-66533",
"datePublished": "2025-12-09T15:03:54.194Z",
"dateReserved": "2025-12-04T04:07:13.047Z",
"dateUpdated": "2026-04-01T14:10:56.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13387 (GCVE-0-2025-13387)
Vulnerability from cvelistv5
Published
2025-12-02 04:37
Modified
2026-04-08 16:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
The Kadence WooCommerce Email Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer name in all versions up to, and including, 1.5.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| stellarwp | Kadence WooCommerce Email Designer |
Version: 0 ≤ 1.5.17 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13387",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T14:28:05.608833Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T14:28:16.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Kadence WooCommerce Email Designer",
"vendor": "stellarwp",
"versions": [
{
"lessThanOrEqual": "1.5.17",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Angus Girvan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Kadence WooCommerce Email Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer name in all versions up to, and including, 1.5.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:40:43.158Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1e0cf512-f676-4f47-abaa-5198998376b7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3399955/kadence-woocommerce-email-designer"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-09T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-11-18T21:27:33.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-01T16:23:27.000Z",
"value": "Disclosed"
}
],
"title": "Kadence WooCommerce Email Designer \u003c= 1.5.17 - Unauthenticated Stored Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13387",
"datePublished": "2025-12-02T04:37:13.679Z",
"dateReserved": "2025-11-18T21:09:56.134Z",
"dateUpdated": "2026-04-08T16:40:43.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13206 (GCVE-0-2025-13206)
Vulnerability from cvelistv5
Published
2025-11-19 07:46
Modified
2026-04-08 17:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 4.13.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Avatars must be enabled in the WordPress install in order to exploit the vulnerability.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| stellarwp | GiveWP – Donation Plugin and Fundraising Platform |
Version: 0 ≤ 4.13.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13206",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T18:01:52.436557Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T18:02:01.615Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
"vendor": "stellarwp",
"versions": [
{
"lessThanOrEqual": "4.13.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Angus Girvan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018name\u2019 parameter in all versions up to, and including, 4.13.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Avatars must be enabled in the WordPress install in order to exploit the vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:10:03.740Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/95823720-e1dc-46c1-887b-ffd877b2fbe5?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/give/tags/4.11.0/templates/shortcode-donor-wall.php#L59"
},
{
"url": "https://plugins.trac.wordpress.org/browser/give/tags/4.11.0/includes/process-donation.php#L1230"
},
{
"url": "https://plugins.trac.wordpress.org/browser/give/tags/4.11.0/includes/class-give-donor.php#L1135"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3398128/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-14T18:33:10.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-11-18T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "GiveWP - Donation Plugin and Fundraising Platform \u003c= 4.13.0 - Unauthenticated Stored Cross-Site Scripting via \u0027name\u0027"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13206",
"datePublished": "2025-11-19T07:46:08.136Z",
"dateReserved": "2025-11-14T18:17:22.262Z",
"dateUpdated": "2026-04-08T17:10:03.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12633 (GCVE-0-2025-12633)
Vulnerability from cvelistv5
Published
2025-11-12 07:27
Modified
2026-04-08 16:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
The Booking Calendar | Appointment Booking | Bookit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/bookit/v1/commerce/stripe/return' REST API Endpoint in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to connect their Stripe account and receive payments.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| stellarwp | Bookit — Booking & Appointment Calendar |
Version: 0 ≤ 2.5.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12633",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T14:23:10.391578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T15:26:52.782Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Bookit \u2014 Booking \u0026 Appointment Calendar",
"vendor": "stellarwp",
"versions": [
{
"lessThanOrEqual": "2.5.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Md. Moniruzzaman Prodhan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Booking Calendar | Appointment Booking | Bookit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \u0027/wp-json/bookit/v1/commerce/stripe/return\u0027 REST API Endpoint in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to connect their Stripe account and receive payments."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:41:40.502Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2263d356-b2ed-4e16-98ee-b01d4274d1d9?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3393159/bookit/tags/2.5.1/src/Bookit/Gateways/StripeConnect/REST/Return_Endpoint.php?old=3121677\u0026old_path=bookit%2Ftags%2F2.5.0%2Fsrc%2FBookit%2FGateways%2FStripeConnect%2FREST%2FReturn_Endpoint.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-08T01:53:19.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-11-11T19:23:08.000Z",
"value": "Disclosed"
}
],
"title": "Booking Calendar | Appointment Booking | Bookit \u003c= 2.5.0 - Missing Authorization to Unauthenticated Stripe Connection"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12633",
"datePublished": "2025-11-12T07:27:40.738Z",
"dateReserved": "2025-11-03T14:50:09.806Z",
"dateUpdated": "2026-04-08T16:41:40.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12192 (GCVE-0-2025-12192)
Vulnerability from cvelistv5
Published
2025-11-05 09:27
Modified
2026-04-08 17:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-697 - Incorrect Comparison
Summary
The Events Calendar plugin for WordPress is vulnerable to information disclosure in versions up to, and including, 6.15.9. The sysinfo REST endpoint compares the provided key to the stored opt-in key using a loose comparison, allowing unauthenticated attackers to send a boolean value and obtain the full system report whenever "Yes, automatically share my system information with The Events Calendar support team" setting is enabled.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| stellarwp | The Events Calendar |
Version: 0 ≤ 6.15.9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12192",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-05T15:10:50.799331Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T15:15:28.224Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "The Events Calendar",
"vendor": "stellarwp",
"versions": [
{
"lessThanOrEqual": "6.15.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Mazzolini"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Events Calendar plugin for WordPress is vulnerable to information disclosure in versions up to, and including, 6.15.9. The sysinfo REST endpoint compares the provided key to the stored opt-in key using a loose comparison, allowing unauthenticated attackers to send a boolean value and obtain the full system report whenever \"Yes, automatically share my system information with The Events Calendar support team\" setting is enabled."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-697",
"description": "CWE-697 Incorrect Comparison",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:29:58.824Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e5f3feb7-547e-4c01-8453-a1fc207ee009?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3386042/the-events-calendar"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-24T20:47:32.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-11-04T21:06:17.000Z",
"value": "Disclosed"
}
],
"title": "The Events Calendar \u003c= 6.15.9 - Sysinfo Key Incorrect Comparison to Unauthenticated Sensitive Information Exposure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12192",
"datePublished": "2025-11-05T09:27:40.562Z",
"dateReserved": "2025-10-24T20:31:22.244Z",
"dateUpdated": "2026-04-08T17:29:58.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12197 (GCVE-0-2025-12197)
Vulnerability from cvelistv5
Published
2025-11-05 04:36
Modified
2025-11-05 14:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
The The Events Calendar plugin for WordPress is vulnerable to blind SQL Injection via the 's' parameter in versions 6.15.1.1 to 6.15.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| stellarwp | The Events Calendar |
Version: 6.15.1.1 ≤ 6.15.9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12197",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-05T14:18:18.983398Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T14:39:57.142Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "The Events Calendar",
"vendor": "stellarwp",
"versions": [
{
"lessThanOrEqual": "6.15.9",
"status": "affected",
"version": "6.15.1.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lauritz Holme"
}
],
"descriptions": [
{
"lang": "en",
"value": "The The Events Calendar plugin for WordPress is vulnerable to blind SQL Injection via the \u0027s\u0027 parameter in versions 6.15.1.1 to 6.15.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T04:36:58.788Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bc927a93-0cb2-4211-9f93-c0671039011e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3386042/the-events-calendar"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-24T22:54:43.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-11-04T16:25:23.000Z",
"value": "Disclosed"
}
],
"title": "The Events Calendar 6.15.1.1 - 6.15.9 - Unauthenticated SQL Injection via s"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12197",
"datePublished": "2025-11-05T04:36:58.788Z",
"dateReserved": "2025-10-24T22:38:25.867Z",
"dateUpdated": "2025-11-05T14:39:57.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12175 (GCVE-0-2025-12175)
Vulnerability from cvelistv5
Published
2025-10-31 08:25
Modified
2026-04-08 17:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'tec_qr_code_modal' AJAX endpoint in all versions up to, and including, 6.15.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view draft event names and generate/view QR codes for them.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| stellarwp | The Events Calendar |
Version: 0 ≤ 6.15.9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12175",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T17:48:26.743617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T17:48:37.987Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "The Events Calendar",
"vendor": "stellarwp",
"versions": [
{
"lessThanOrEqual": "6.15.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Md. Moniruzzaman Prodhan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the \u0027tec_qr_code_modal\u0027 AJAX endpoint in all versions up to, and including, 6.15.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view draft event names and generate/view QR codes for them."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:14:38.610Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ab844a05-80e0-42c7-981c-dea3a18cf4d5?source=cve"
},
{
"url": "https://github.com/the-events-calendar/the-events-calendar/blob/main/src/Events/QR/QR_Code.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3386042/the-events-calendar/tags/6.15.10/src/Events/QR/QR_Code.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-24T16:06:37.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-10-30T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "The Events Calendar \u003c= 6.15.9 - Missing Authorization to Authenticated (Subscriber+) Draft Event Title/QR Code Exposure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12175",
"datePublished": "2025-10-31T08:25:54.534Z",
"dateReserved": "2025-10-24T15:51:30.105Z",
"dateUpdated": "2026-04-08T17:14:38.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62027 (GCVE-0-2025-62027)
Vulnerability from cvelistv5
Published
2025-10-22 14:32
Modified
2026-04-01 14:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
Missing Authorization vulnerability in StellarWP Event Tickets event-tickets.This issue affects Event Tickets: from n/a through <= 5.26.3.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| StellarWP | Event Tickets |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-62027",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T15:10:24.513548Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T15:16:17.272Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "event-tickets",
"product": "Event Tickets",
"vendor": "StellarWP",
"versions": [
{
"changes": [
{
"at": "5.26.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.26.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "n0_arafat_n0 | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:00:28.542Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in StellarWP Event Tickets event-tickets.\u003cp\u003eThis issue affects Event Tickets: from n/a through \u003c= 5.26.3.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in StellarWP Event Tickets event-tickets.This issue affects Event Tickets: from n/a through \u003c= 5.26.3."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T14:09:12.989Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/event-tickets/vulnerability/wordpress-event-tickets-plugin-5-26-3-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress Event Tickets plugin \u003c= 5.26.3 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-62027",
"datePublished": "2025-10-22T14:32:51.014Z",
"dateReserved": "2025-10-07T15:34:20.407Z",
"dateUpdated": "2026-04-01T14:09:12.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49906 (GCVE-0-2025-49906)
Vulnerability from cvelistv5
Published
2025-10-22 14:32
Modified
2026-04-01 14:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
Missing Authorization vulnerability in StellarWP WPComplete wpcomplete allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPComplete: from n/a through <= 2.9.5.3.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| StellarWP | WPComplete |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-49906",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T15:11:19.437050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T15:11:23.211Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wpcomplete",
"product": "WPComplete",
"vendor": "StellarWP",
"versions": [
{
"changes": [
{
"at": "2.9.5.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.9.5.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nabil Irawan | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T15:59:01.170Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in StellarWP WPComplete wpcomplete allows Accessing Functionality Not Properly Constrained by ACLs.\u003cp\u003eThis issue affects WPComplete: from n/a through \u003c= 2.9.5.3.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in StellarWP WPComplete wpcomplete allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPComplete: from n/a through \u003c= 2.9.5.3."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T14:07:38.911Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wpcomplete/vulnerability/wordpress-wpcomplete-plugin-2-9-5-3-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress WPComplete plugin \u003c= 2.9.5.3 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-49906",
"datePublished": "2025-10-22T14:32:10.402Z",
"dateReserved": "2025-06-11T16:06:50.723Z",
"dateUpdated": "2026-04-01T14:07:38.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11517 (GCVE-0-2025-11517)
Vulnerability from cvelistv5
Published
2025-10-18 06:42
Modified
2026-04-08 16:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Summary
The Event Tickets and Registration plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 5.26.5. This is due to the /wp-json/tribe/tickets/v1/commerce/free/order endpoint not verifying that a ticket type should be free allowing the user to bypass the payment. This makes it possible for unauthenticated attackers to obtain access to paid tickets, without paying for them, causing a loss of revenue for the target.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| stellarwp | Event Tickets and Registration |
Version: 0 ≤ 5.26.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-20T19:01:14.721980Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T19:01:23.289Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Event Tickets and Registration",
"vendor": "stellarwp",
"versions": [
{
"lessThanOrEqual": "5.26.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jack Pas"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Event Tickets and Registration plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 5.26.5. This is due to the /wp-json/tribe/tickets/v1/commerce/free/order endpoint not verifying that a ticket type should be free allowing the user to bypass the payment. This makes it possible for unauthenticated attackers to obtain access to paid tickets, without paying for them, causing a loss of revenue for the target."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:41:30.638Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/21cd8cb8-2a29-4b66-ab7a-8d8b2f85e2e0?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3378214/event-tickets/tags/5.26.6/src/Tickets/Commerce/Gateways/Free/REST/Order_Endpoint.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-08T15:41:53.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-10-17T18:07:22.000Z",
"value": "Disclosed"
}
],
"title": "Event Tickets and Registration \u003c= 5.26.5 - Unauthenticated Ticket Payment Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-11517",
"datePublished": "2025-10-18T06:42:43.892Z",
"dateReserved": "2025-10-08T15:26:41.876Z",
"dateUpdated": "2026-04-08T16:41:30.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11228 (GCVE-0-2025-11228)
Vulnerability from cvelistv5
Published
2025-10-04 02:24
Modified
2026-04-08 17:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `registerAssociateFormsWithCampaign` function in all versions up to, and including, 4.10.0. This makes it possible for unauthenticated attackers to associate any donation forms with any campaign.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| stellarwp | GiveWP – Donation Plugin and Fundraising Platform |
Version: 0 ≤ 4.10.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11228",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-06T14:13:26.544107Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T14:16:26.035Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
"vendor": "stellarwp",
"versions": [
{
"lessThanOrEqual": "4.10.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafshanzani Suhada"
}
],
"descriptions": [
{
"lang": "en",
"value": "The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `registerAssociateFormsWithCampaign` function in all versions up to, and including, 4.10.0. This makes it possible for unauthenticated attackers to associate any donation forms with any campaign."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:28:12.808Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ddf9a043-5eb6-46fd-88c2-0f5a04f73fc9?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/give/tags/4.9.0/src/DonationForms/Routes/DonationFormsEntityRoute.php#L131"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3371948%40give\u0026new=3371948%40give\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-13T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-10-01T12:14:44.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-10-03T14:13:58.000Z",
"value": "Disclosed"
}
],
"title": "GiveWP \u2013 Donation Plugin and Fundraising Platform \u003c= 4.10.0 - Missing Authorization to Unauthenticated Forms-Campaign Association"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-11228",
"datePublished": "2025-10-04T02:24:37.546Z",
"dateReserved": "2025-10-01T12:00:09.679Z",
"dateUpdated": "2026-04-08T17:28:12.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11227 (GCVE-0-2025-11227)
Vulnerability from cvelistv5
Published
2025-10-04 02:24
Modified
2026-04-08 16:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-285 - Improper Authorization
Summary
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.10.0 via the 'registerGetForm', 'registerGetForms', 'registerGetCampaign' and 'registerGetCampaigns' functions due to a missing capability check. This makes it possible for unauthenticated attackers to extract data from private and draft donation forms, as well as archived campaigns.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| stellarwp | GiveWP – Donation Plugin and Fundraising Platform |
Version: 0 ≤ 4.10.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11227",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-06T14:18:21.013863Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T14:18:28.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
"vendor": "stellarwp",
"versions": [
{
"lessThanOrEqual": "4.10.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafshanzani Suhada"
}
],
"descriptions": [
{
"lang": "en",
"value": "The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.10.0 via the \u0027registerGetForm\u0027, \u0027registerGetForms\u0027, \u0027registerGetCampaign\u0027 and \u0027registerGetCampaigns\u0027 functions due to a missing capability check. This makes it possible for unauthenticated attackers to extract data from private and draft donation forms, as well as archived campaigns."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:53:24.277Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/54db1807-69ff-445c-9e02-9abce9fd3940?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/give/tags/4.9.0/src/DonationForms/Routes/DonationFormsEntityRoute.php#L82"
},
{
"url": "https://plugins.trac.wordpress.org/browser/give/tags/4.9.0/src/API/REST/V3/Routes/Campaigns/RegisterCampaignRoutes.php#L91"
},
{
"url": "https://plugins.trac.wordpress.org/browser/give/tags/4.9.0/src/API/REST/V3/Routes/Campaigns/RegisterCampaignRoutes.php#L60"
},
{
"url": "https://plugins.trac.wordpress.org/browser/give/tags/4.9.0/src/DonationForms/Routes/DonationFormsEntityRoute.php#L52"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3371948%40give\u0026new=3371948%40give\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-13T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-10-01T12:14:29.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-10-03T14:14:48.000Z",
"value": "Disclosed"
}
],
"title": "GiveWP \u2013 Donation Plugin and Fundraising Platform \u003c= 4.10.0 - Missing Authorization to Unauthenticated Forms and Campaigns Disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-11227",
"datePublished": "2025-10-04T02:24:35.306Z",
"dateReserved": "2025-10-01T11:59:03.245Z",
"dateUpdated": "2026-04-08T16:53:24.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58974 (GCVE-0-2025-58974)
Vulnerability from cvelistv5
Published
2025-09-22 18:26
Modified
2026-04-01 15:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP WPComplete wpcomplete allows Stored XSS.This issue affects WPComplete: from n/a through <= 2.9.5.2.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| StellarWP | WPComplete |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58974",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T17:47:50.416556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T17:49:02.747Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wpcomplete",
"product": "WPComplete",
"vendor": "StellarWP",
"versions": [
{
"changes": [
{
"at": "2.9.5.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.9.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Muhammad Yudha - DJ | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:42:55.741Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in StellarWP WPComplete wpcomplete allows Stored XSS.\u003cp\u003eThis issue affects WPComplete: from n/a through \u003c= 2.9.5.2.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in StellarWP WPComplete wpcomplete allows Stored XSS.This issue affects WPComplete: from n/a through \u003c= 2.9.5.2."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:59:14.953Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wpcomplete/vulnerability/wordpress-wpcomplete-plugin-2-9-5-2-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress WPComplete Plugin \u003c= 2.9.5.2 - Cross Site Scripting (XSS) Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-58974",
"datePublished": "2025-09-22T18:26:08.404Z",
"dateReserved": "2025-09-06T04:45:16.549Z",
"dateUpdated": "2026-04-01T15:59:14.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}