The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insecure Direct Object Reference / Authorization Bypass leading to Arbitrary Attachment Deletion. This issue affects versions up to, and including, 1.8.11.1 and is exploitable via the profile avatar update flow. An authenticated attacker with Subscriber-level access and above [truncated]
The PDF Embedder plugin for WordPress exposes sensitive configuration data through the `enqueue_block_assets` hook in versions up to and including 4.9.3. Authenticated users with contributor-level access or higher can extract this data. When the premium add-on is installed and a license key has been saved, the exposed data includes the license key. On Lite-only installations, the exposure is limited to no [truncated]
A Cross-Site Request Forgery (CSRF) vulnerability in the Easy Digital Downloads WordPress plugin allows unauthenticated attackers to overwrite Square payment gateway credentials by tricking a logged-in administrator into visiting a malicious link. The flaw exists in the `handle_oauth_redirect()` function, which processes OAuth tokens from user-supplied GET parameters without nonce verification. This could [truncated]
CVE-2026-8832 is a high-severity remote code execution vulnerability in the WPCode WordPress plugin (versions up to and including 2.3.5), published 2026-05-27. The root cause is a missing capability_type parameter when registering the 'wpcode' custom post type, causing WordPress to fall back to standard post capabilities. This allows author-level users to create and publish executable PHP snippets via XML [truncated]
The NextGEN Gallery WordPress plugin (versions ≤4.2.0) contains an Insecure Direct Object Reference (IDOR) vulnerability in its REST API image deletion endpoint. The DELETE /imagely/v1/images/{id} endpoint only validates the 'NextGEN Manage gallery' capability without verifying gallery ownership or checking for the 'NextGEN Manage others gallery' permission. This authorization gap allows authenticated att [truncated]
The All in One SEO plugin for WordPress, versions up to and including 4.9.7, exposes sensitive internal option data through localized script variables in post editor contexts. The vulnerability stems from passing unmasked API/OAuth tokens and license-related values via `wp_localize_script()` to the browser, where contributor-level users and above can view them in page source. This represents an informatio [truncated]