Search Results (23 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-14895 2 Roxnor, Wordpress 2 Popup Builder With Gamification, Multi-step Popups, Page-level Targeting, And Woocommerce Triggers, Wordpress 2026-04-21 5.4 Medium
The PopupKit plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.0. This is due to the plugin not properly verifying that a user is authorized to access the /popup/logs REST API endpoint. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read and delete analytics data including device types, browser information, countries, referrer URLs, and campaign metrics.
CVE-2026-0633 3 Elementor, Roxnor, Wordpress 3 Elementor, Metform Contact Form Survey Quiz Custom Form Builder For Elementor, Wordpress 2026-04-15 3.7 Low
The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.1.0. This is due to the use of a forgeable cookie value derived only from the entry ID and current user ID without a server-side secret. This makes it possible for unauthenticated attackers to access form submission entry data via MetForm shortcodes for entries created within the transient TTL (default is 15 minutes).
CVE-2026-1925 2 Roxnor, Wordpress 2 Emailkit – Email Customizer For Woocommerce & Wp, Wordpress 2026-04-15 4.3 Medium
The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'update_template_data' function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the title of any post on the site, including posts, pages, and custom post types.