Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
56 vulnerabilities by Themegrill
CVE-2026-4804 (GCVE-0-2026-4804)
Vulnerability from nvd – Published: 2026-07-03 07:53 – Updated: 2026-07-06 16:25
VLAI
EPSS
VEX
Title
Zakra <= 4.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta REST API
Summary
The Zakra theme for WordPress is vulnerable to Stored Cross-Site Scripting via post meta values in all versions up to, and including, 4.2.0. This is due to the theme registering three post meta fields (zakra_menu_item_color, zakra_menu_item_hover_color, and zakra_menu_item_active_color) with 'show_in_rest' => true and 'auth_callback' => '__return_true', but without any sanitize_callback parameter in the register_post_meta() calls. While the classic editor save path applies sanitize_hex_color() sanitization, the REST API path completely bypasses this protection. The unsanitized meta values are then retrieved via get_post_meta() and concatenated directly into CSS strings that are output through wp_add_inline_style() without any escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the injected page.
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| themegrill | Zakra |
Affected:
0 , ≤ 4.2.0
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4804",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T16:25:36.489784Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T16:25:45.616Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Zakra",
"vendor": "themegrill",
"versions": [
{
"lessThanOrEqual": "4.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Osvaldo Noe Gonzalez Del Rio (Os)"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Zakra theme for WordPress is vulnerable to Stored Cross-Site Scripting via post meta values in all versions up to, and including, 4.2.0. This is due to the theme registering three post meta fields (zakra_menu_item_color, zakra_menu_item_hover_color, and zakra_menu_item_active_color) with \u0027show_in_rest\u0027 =\u003e true and \u0027auth_callback\u0027 =\u003e \u0027__return_true\u0027, but without any sanitize_callback parameter in the register_post_meta() calls. While the classic editor save path applies sanitize_hex_color() sanitization, the REST API path completely bypasses this protection. The unsanitized meta values are then retrieved via get_post_meta() and concatenated directly into CSS strings that are output through wp_add_inline_style() without any escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T07:53:09.987Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bbda67a3-0413-4d8e-8157-84c9c87b8695?source=cve"
},
{
"url": "https://themes.trac.wordpress.org/changeset?reponame=\u0026new=330192%40zakra%2F4.2.1\u0026old=297420%40zakra%2F4.2.0#file39"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-25T11:54:11.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-07-02T19:01:25.000Z",
"value": "Disclosed"
}
],
"title": "Zakra \u003c= 4.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta REST API"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-4804",
"datePublished": "2026-07-03T07:53:09.987Z",
"dateReserved": "2026-03-25T11:38:39.477Z",
"dateUpdated": "2026-07-06T16:25:45.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-52701 (GCVE-0-2026-52701)
Vulnerability from nvd – Published: 2026-06-26 14:52 – Updated: 2026-06-26 17:09
VLAI
EPSS
VEX
Title
WordPress User Registration plugin <= 5.2.2 - Broken Access Control vulnerability
Summary
Unauthenticated Broken Access Control in User Registration <= 5.2.2 versions.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Themegrill | User Registration |
Affected:
n/a , ≤ 5.2.2
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-52701",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-26T17:09:26.080331Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T17:09:36.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "user-registration",
"product": "User Registration",
"vendor": "Themegrill",
"versions": [
{
"changes": [
{
"at": "5.2.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.2.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "nobody09 | Patchstack Bug Bounty Program"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unauthenticated Broken Access Control in User Registration \u003c= 5.2.2 versions."
}
],
"value": "Unauthenticated Broken Access Control in User Registration \u003c= 5.2.2 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T14:52:18.447Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/user-registration/vulnerability/wordpress-user-registration-plugin-5-1-5-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress User Registration plugin to the latest available version (at least 5.2.3)."
}
],
"value": "Update the WordPress User Registration plugin to the latest available version (at least 5.2.3)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress User Registration plugin \u003c= 5.2.2 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-52701",
"datePublished": "2026-06-26T14:52:18.447Z",
"dateReserved": "2026-06-08T10:11:03.696Z",
"dateUpdated": "2026-06-26T17:09:36.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-54807 (GCVE-0-2026-54807)
Vulnerability from nvd – Published: 2026-06-17 09:51 – Updated: 2026-06-17 12:15
VLAI
EPSS
VEX
Title
WordPress Registration Form for WooCommerce plugin <= 1.0.9 - Privilege Escalation vulnerability
Summary
Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ThemeGrill | Registration Form for WooCommerce |
Affected:
n/a , ≤ 1.0.9
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54807",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T12:15:03.967995Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T12:15:13.929Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "registration-form-for-woocommerce",
"product": "Registration Form for WooCommerce",
"vendor": "ThemeGrill",
"versions": [
{
"changes": [
{
"at": "1.1.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.0.9",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "ParkHyunWoo | Patchstack Bug Bounty Program"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unauthenticated Privilege Escalation in Registration Form for WooCommerce \u003c= 1.0.9 versions."
}
],
"value": "Unauthenticated Privilege Escalation in Registration Form for WooCommerce \u003c= 1.0.9 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T09:51:46.082Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/registration-form-for-woocommerce/vulnerability/wordpress-registration-form-for-woocommerce-plugin-1-0-9-privilege-escalation-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Registration Form for WooCommerce Plugin to the latest available version (at least 1.1.0)."
}
],
"value": "Update the WordPress Registration Form for WooCommerce Plugin to the latest available version (at least 1.1.0)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Registration Form for WooCommerce plugin \u003c= 1.0.9 - Privilege Escalation vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-54807",
"datePublished": "2026-06-17T09:51:46.082Z",
"dateReserved": "2026-06-16T09:21:34.477Z",
"dateUpdated": "2026-06-17T12:15:13.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-49081 (GCVE-0-2026-49081)
Vulnerability from nvd – Published: 2026-06-17 09:51 – Updated: 2026-06-17 14:31
VLAI
EPSS
VEX
Title
WordPress User Registration Stripe plugin <= 1.3.12 - Broken Access Control vulnerability
Summary
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.12 versions.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ThemeGrill | User Registration Stripe |
Affected:
n/a , ≤ 1.3.12
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-49081",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T14:31:00.765121Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T14:31:15.344Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "user-registration-stripe",
"product": "User Registration Stripe",
"vendor": "ThemeGrill",
"versions": [
{
"changes": [
{
"at": "1.3.13",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.3.12",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "0xd4rk5id3 | Patchstack Bug Bounty Program"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unauthenticated Broken Access Control in User Registration Stripe \u003c= 1.3.12 versions."
}
],
"value": "Unauthenticated Broken Access Control in User Registration Stripe \u003c= 1.3.12 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T09:51:25.629Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/user-registration-stripe/vulnerability/wordpress-user-registration-stripe-plugin-1-3-12-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress User Registration Stripe Plugin to the latest available version (at least 1.3.13)."
}
],
"value": "Update the WordPress User Registration Stripe Plugin to the latest available version (at least 1.3.13)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress User Registration Stripe plugin \u003c= 1.3.12 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-49081",
"datePublished": "2026-06-17T09:51:25.629Z",
"dateReserved": "2026-05-27T10:27:09.956Z",
"dateUpdated": "2026-06-17T14:31:15.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40726 (GCVE-0-2026-40726)
Vulnerability from nvd – Published: 2026-06-17 09:51 – Updated: 2026-06-17 12:32
VLAI
EPSS
VEX
Title
WordPress User Registration Stripe plugin <= 1.3.14 - Broken Access Control vulnerability
Summary
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ThemeGrill | User Registration Stripe |
Affected:
n/a , ≤ 1.3.14
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40726",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T12:32:29.749096Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T12:32:36.031Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "user-registration-stripe",
"product": "User Registration Stripe",
"vendor": "ThemeGrill",
"versions": [
{
"changes": [
{
"at": "1.3.15",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.3.14",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "0xd4rk5id3 | Patchstack Bug Bounty Program"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unauthenticated Broken Access Control in User Registration Stripe \u003c= 1.3.14 versions."
}
],
"value": "Unauthenticated Broken Access Control in User Registration Stripe \u003c= 1.3.14 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T09:51:00.869Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/user-registration-stripe/vulnerability/wordpress-user-registration-stripe-plugin-1-3-14-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress User Registration Stripe Plugin to the latest available version (at least 1.3.15)."
}
],
"value": "Update the WordPress User Registration Stripe Plugin to the latest available version (at least 1.3.15)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress User Registration Stripe plugin \u003c= 1.3.14 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-40726",
"datePublished": "2026-06-17T09:51:00.869Z",
"dateReserved": "2026-04-15T09:19:20.453Z",
"dateUpdated": "2026-06-17T12:32:36.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42743 (GCVE-0-2026-42743)
Vulnerability from nvd – Published: 2026-06-15 20:18 – Updated: 2026-06-16 01:23
VLAI
EPSS
VEX
Title
WordPress Masteriyo - LMS plugin <= 2.1.8 - Broken Authentication vulnerability
Summary
Unauthenticated Broken Authentication in Masteriyo - LMS <= 2.1.8 versions.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ThemeGrill | Masteriyo - LMS |
Affected:
n/a , ≤ 2.1.8
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42743",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-16T01:09:35.881460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T01:23:35.285Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "learning-management-system",
"product": "Masteriyo - LMS",
"vendor": "ThemeGrill",
"versions": [
{
"changes": [
{
"at": "2.1.9",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.1.8",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "HieuPenguinnn | Patchstack Bug Bounty Program"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unauthenticated Broken Authentication in Masteriyo - LMS \u003c= 2.1.8 versions."
}
],
"value": "Unauthenticated Broken Authentication in Masteriyo - LMS \u003c= 2.1.8 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T20:18:49.676Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/learning-management-system/vulnerability/wordpress-masteriyo-lms-plugin-2-1-8-broken-authentication-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Masteriyo - LMS Plugin to the latest available version (at least 2.1.9)."
}
],
"value": "Update the WordPress Masteriyo - LMS Plugin to the latest available version (at least 2.1.9)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Masteriyo - LMS plugin \u003c= 2.1.8 - Broken Authentication vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-42743",
"datePublished": "2026-06-15T20:18:49.676Z",
"dateReserved": "2026-04-29T09:05:30.886Z",
"dateUpdated": "2026-06-16T01:23:35.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-39524 (GCVE-0-2026-39524)
Vulnerability from nvd – Published: 2026-06-15 20:18 – Updated: 2026-06-16 14:27
VLAI
EPSS
VEX
Title
WordPress Masteriyo - LMS plugin <= 2.1.5 - Payment Bypass vulnerability
Summary
Unauthenticated Broken Access Control in Masteriyo - LMS <= 2.1.5 versions.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ThemeGrill | Masteriyo - LMS |
Affected:
n/a , ≤ 2.1.5
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39524",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-16T14:27:00.618818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T14:27:19.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "learning-management-system",
"product": "Masteriyo - LMS",
"vendor": "ThemeGrill",
"versions": [
{
"changes": [
{
"at": "2.1.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.1.5",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "davidfdzmorilla | Patchstack Bug Bounty Program"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unauthenticated Broken Access Control in Masteriyo - LMS \u003c= 2.1.5 versions."
}
],
"value": "Unauthenticated Broken Access Control in Masteriyo - LMS \u003c= 2.1.5 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T20:18:02.164Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/learning-management-system/vulnerability/wordpress-masteriyo-lms-plugin-2-1-5-payment-bypass-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Masteriyo - LMS Plugin to the latest available version (at least 2.1.6)."
}
],
"value": "Update the WordPress Masteriyo - LMS Plugin to the latest available version (at least 2.1.6)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Masteriyo - LMS plugin \u003c= 2.1.5 - Payment Bypass vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-39524",
"datePublished": "2026-06-15T20:18:02.164Z",
"dateReserved": "2026-04-07T10:48:09.605Z",
"dateUpdated": "2026-06-16T14:27:19.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25425 (GCVE-0-2026-25425)
Vulnerability from nvd – Published: 2026-06-15 20:17 – Updated: 2026-06-15 22:12
VLAI
EPSS
VEX
Title
WordPress User Registration plugin <= 5.1.2 - Broken Access Control vulnerability
Summary
Unauthenticated Broken Access Control in User Registration <= 5.1.2 versions.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ThemeGrill | User Registration |
Affected:
n/a , ≤ 5.1.2
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25425",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-15T22:12:06.678535Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T22:12:41.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "user-registration",
"product": "User Registration",
"vendor": "ThemeGrill",
"versions": [
{
"changes": [
{
"at": "5.1.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.1.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "0xd4rk5id3 | Patchstack Bug Bounty Program"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unauthenticated Broken Access Control in User Registration \u003c= 5.1.2 versions."
}
],
"value": "Unauthenticated Broken Access Control in User Registration \u003c= 5.1.2 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T20:17:32.186Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/user-registration/vulnerability/wordpress-user-registration-plugin-5-1-2-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress User Registration Plugin to the latest available version (at least 5.1.3)."
}
],
"value": "Update the WordPress User Registration Plugin to the latest available version (at least 5.1.3)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress User Registration plugin \u003c= 5.1.2 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-25425",
"datePublished": "2026-06-15T20:17:32.186Z",
"dateReserved": "2026-02-02T12:53:34.261Z",
"dateUpdated": "2026-06-15T22:12:41.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-49111 (GCVE-0-2026-49111)
Vulnerability from nvd – Published: 2026-06-15 12:52 – Updated: 2026-06-15 15:51 X_Open Source
VLAI
EPSS
VEX
Title
WordPress Masteriyo - LMS plugin <= 2.2.0 - Privilege Escalation vulnerability
Summary
Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation.
This issue affects Masteriyo - LMS: from n/a through 2.2.0.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ThemeGrill | Masteriyo - LMS |
Affected:
n/a , ≤ 2.2.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-49111",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-15T15:51:27.477676Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T15:51:36.374Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "learning-management-system",
"product": "Masteriyo - LMS",
"vendor": "ThemeGrill",
"versions": [
{
"changes": [
{
"at": "2.2.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.2.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "daroo | Patchstack Bug Bounty Program"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation.\u003cp\u003eThis issue affects Masteriyo - LMS: from n/a through 2.2.0.\u003c/p\u003e"
}
],
"value": "Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation.\n\nThis issue affects Masteriyo - LMS: from n/a through 2.2.0."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T12:52:36.862Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/learning-management-system/vulnerability/wordpress-masteriyo-lms-plugin-2-2-0-privilege-escalation-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Masteriyo - LMS Plugin to the latest available version (at least 2.2.1)."
}
],
"value": "Update the WordPress Masteriyo - LMS Plugin to the latest available version (at least 2.2.1)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"x_open-source"
],
"title": "WordPress Masteriyo - LMS plugin \u003c= 2.2.0 - Privilege Escalation vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-49111",
"datePublished": "2026-06-15T12:52:36.862Z",
"dateReserved": "2026-05-27T15:12:19.105Z",
"dateUpdated": "2026-06-15T15:51:36.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40730 (GCVE-0-2026-40730)
Vulnerability from nvd – Published: 2026-04-15 10:21 – Updated: 2026-04-29 09:52
VLAI
EPSS
VEX
Title
WordPress ThemeGrill Demo Importer plugin <= 2.0.0.6 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ThemeGrill Demo Importer: from n/a through <= 2.0.0.6.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ThemeGrill | ThemeGrill Demo Importer |
Affected:
0 , ≤ 2.0.0.6
(custom)
|
Date Public
2026-04-15 12:20
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-40730",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T15:35:05.429268Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T20:27:31.615Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "themegrill-demo-importer",
"product": "ThemeGrill Demo Importer",
"vendor": "ThemeGrill",
"versions": [
{
"changes": [
{
"at": "2.0.0.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.0.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Steven Julian | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-15T12:20:45.288Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects ThemeGrill Demo Importer: from n/a through \u003c= 2.0.0.6.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ThemeGrill Demo Importer: from n/a through \u003c= 2.0.0.6."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T09:52:04.755Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/themegrill-demo-importer/vulnerability/wordpress-themegrill-demo-importer-plugin-2-0-0-6-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress ThemeGrill Demo Importer plugin \u003c= 2.0.0.6 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-40730",
"datePublished": "2026-04-15T10:21:33.831Z",
"dateReserved": "2026-04-15T09:19:28.916Z",
"dateUpdated": "2026-04-29T09:52:04.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9331 (GCVE-0-2025-9331)
Vulnerability from nvd – Published: 2025-08-22 11:14 – Updated: 2026-04-08 16:33
VLAI
EPSS
VEX
Title
Spacious <= 1.9.11 - Missing Authorization to Autheticated (Subscriber+) Demo Data Import
Summary
The Spacious theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'welcome_notice_import_handler' function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import demo data into the site.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| themegrill | Spacious |
Affected:
0 , ≤ 1.9.11
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9331",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-22T14:00:10.464119Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T14:01:46.285Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spacious",
"vendor": "themegrill",
"versions": [
{
"lessThanOrEqual": "1.9.11",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Spacious theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \u0027welcome_notice_import_handler\u0027 function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import demo data into the site."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:33:03.456Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/03fd2eee-429c-4053-8105-e1816f99ea91?source=cve"
},
{
"url": "https://themes.trac.wordpress.org/changeset/282946/"
},
{
"url": "https://research.cleantalk.org/cve-2025-9331/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-21T22:13:50.000Z",
"value": "Disclosed"
}
],
"title": "Spacious \u003c= 1.9.11 - Missing Authorization to Autheticated (Subscriber+) Demo Data Import"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-9331",
"datePublished": "2025-08-22T11:14:00.384Z",
"dateReserved": "2025-08-21T21:41:45.367Z",
"dateUpdated": "2026-04-08T16:33:03.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9202 (GCVE-0-2025-9202)
Vulnerability from nvd – Published: 2025-08-20 06:39 – Updated: 2026-04-08 17:16
VLAI
EPSS
VEX
Title
ColorMag <= 4.0.19 - Missing Authorization to Authenticated (Subscriber+) ThemeGrill Demo Importer Plugin Installation
Summary
The ColorMag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and including, 4.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the ThemeGrill Demo Importer plugin.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| themegrill | ColorMag |
Affected:
0 , ≤ 4.0.19
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9202",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T17:31:57.271710Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T17:32:33.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ColorMag",
"vendor": "themegrill",
"versions": [
{
"lessThanOrEqual": "4.0.19",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
}
],
"descriptions": [
{
"lang": "en",
"value": "The ColorMag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and including, 4.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the ThemeGrill Demo Importer plugin."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:16:15.896Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b1922b16-e76c-4ee6-83ad-77970c8c25c0?source=cve"
},
{
"url": "https://research.cleantalk.org/CVE-2025-9202"
},
{
"url": "https://themes.trac.wordpress.org/changeset/283558/colormag/4.0.20/inc/admin/class-colormag-welcome-notice.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-19T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "ColorMag \u003c= 4.0.19 - Missing Authorization to Authenticated (Subscriber+) ThemeGrill Demo Importer Plugin Installation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-9202",
"datePublished": "2025-08-20T06:39:50.555Z",
"dateReserved": "2025-08-19T17:37:33.877Z",
"dateUpdated": "2026-04-08T17:16:15.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8595 (GCVE-0-2025-8595)
Vulnerability from nvd – Published: 2025-08-06 02:24 – Updated: 2026-04-08 16:51
VLAI
EPSS
VEX
Title
Zakra <= 4.1.5 - Missing Authorization to Subscriber+ Demo Import
Summary
The Zakra theme for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and including, 4.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import demo settings.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| themegrill | Zakra |
Affected:
0 , ≤ 4.1.5
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-06T13:40:16.547545Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T13:40:34.249Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Zakra",
"vendor": "themegrill",
"versions": [
{
"lessThanOrEqual": "4.1.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Zakra theme for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and including, 4.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import demo settings."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:51:32.455Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4da012dc-7e58-479a-813e-762eb28297bf?source=cve"
},
{
"url": "https://themes.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=281307%40zakra%2F4.1.6\u0026old=276128%40zakra%2F4.1.5"
},
{
"url": "https://research.cleantalk.org/cve-2025-8595/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-05T13:58:24.000Z",
"value": "Disclosed"
}
],
"title": "Zakra \u003c= 4.1.5 - Missing Authorization to Subscriber+ Demo Import"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-8595",
"datePublished": "2025-08-06T02:24:11.563Z",
"dateReserved": "2025-08-05T13:56:34.374Z",
"dateUpdated": "2026-04-08T16:51:32.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-33939 (GCVE-0-2024-33939)
Vulnerability from nvd – Published: 2025-05-19 15:55 – Updated: 2026-04-28 16:09
VLAI
EPSS
VEX
Title
WordPress LMS by Masteriyo plugin <= 1.7.3 - Broken Authentication vulnerability
Summary
Authentication Bypass Using an Alternate Path or Channel vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.7.3.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| masteriyo | Masteriyo - LMS |
Affected:
0 , ≤ 1.7.3
(custom)
|
Date Public
2026-04-01 16:25
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33939",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T16:58:24.182475Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T16:58:29.630Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "learning-management-system",
"product": "Masteriyo - LMS",
"vendor": "masteriyo",
"versions": [
{
"changes": [
{
"at": "1.7.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Steven Julian | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:25:34.505Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in masteriyo Masteriyo - LMS learning-management-system.\u003cp\u003eThis issue affects Masteriyo - LMS: from n/a through \u003c= 1.7.3.\u003c/p\u003e"
}
],
"value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through \u003c= 1.7.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:47.023Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/learning-management-system/vulnerability/wordpress-lms-by-masteriyo-plugin-1-7-3-broken-authentication-vulnerability?_s_id=cve"
}
],
"title": "WordPress LMS by Masteriyo plugin \u003c= 1.7.3 - Broken Authentication vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-33939",
"datePublished": "2025-05-19T15:55:18.574Z",
"dateReserved": "2024-04-29T08:10:25.154Z",
"dateUpdated": "2026-04-28T16:09:47.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-36837 (GCVE-0-2020-36837)
Vulnerability from nvd – Published: 2024-10-16 06:43 – Updated: 2024-10-16 18:03
VLAI
EPSS
VEX
Title
ThemeGrill Demo Importer 1.3.4 - 1.6.1 - Authorization Bypass to Site Reset
Summary
The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset the WordPress database. After which, if there is a user named 'admin', the attacker will become automatically logged in as an administrator.
Severity
9.9 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| themegrill | ThemeGrill Demo Importer |
Affected:
1.3.4 , ≤ 1.6.1
(semver)
|
|
| themegrill | themegrill_demo_importer |
Affected:
1.3.4 , ≤ 1.6.1
(semver)
cpe:2.3:a:themegrill:themegrill_demo_importer:*:*:*:*:*:wordpress:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:themegrill:themegrill_demo_importer:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "themegrill_demo_importer",
"vendor": "themegrill",
"versions": [
{
"lessThanOrEqual": "1.6.1",
"status": "affected",
"version": "1.3.4",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36837",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T15:33:00.739470Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T18:03:47.811Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThemeGrill Demo Importer",
"vendor": "themegrill",
"versions": [
{
"lessThanOrEqual": "1.6.1",
"status": "affected",
"version": "1.3.4",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dave Jong"
}
],
"descriptions": [
{
"lang": "en",
"value": "The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset the WordPress database. After which, if there is a user named \u0027admin\u0027, the attacker will become automatically logged in as an administrator."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T06:43:35.980Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8c0dc694-854e-4f96-8c2d-7251c41a3ee9?source=cve"
},
{
"url": "https://www.webarxsecurity.com/critical-issue-in-themegrill-demo-importer/"
},
{
"url": "https://www.openwall.com/lists/oss-security/2020/02/19/1"
},
{
"url": "https://raw.githubusercontent.com/themegrill/themegrill-demo-importer/master/CHANGELOG.txt"
}
],
"timeline": [
{
"lang": "en",
"time": "2020-02-16T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "ThemeGrill Demo Importer 1.3.4 - 1.6.1 - Authorization Bypass to Site Reset"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2020-36837",
"datePublished": "2024-10-16T06:43:35.980Z",
"dateReserved": "2024-10-15T18:39:42.773Z",
"dateUpdated": "2024-10-16T18:03:47.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-4804 (GCVE-0-2026-4804)
Vulnerability from cvelistv5 – Published: 2026-07-03 07:53 – Updated: 2026-07-06 16:25
VLAI
EPSS
VEX
Title
Zakra <= 4.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta REST API
Summary
The Zakra theme for WordPress is vulnerable to Stored Cross-Site Scripting via post meta values in all versions up to, and including, 4.2.0. This is due to the theme registering three post meta fields (zakra_menu_item_color, zakra_menu_item_hover_color, and zakra_menu_item_active_color) with 'show_in_rest' => true and 'auth_callback' => '__return_true', but without any sanitize_callback parameter in the register_post_meta() calls. While the classic editor save path applies sanitize_hex_color() sanitization, the REST API path completely bypasses this protection. The unsanitized meta values are then retrieved via get_post_meta() and concatenated directly into CSS strings that are output through wp_add_inline_style() without any escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the injected page.
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| themegrill | Zakra |
Affected:
0 , ≤ 4.2.0
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4804",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T16:25:36.489784Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T16:25:45.616Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Zakra",
"vendor": "themegrill",
"versions": [
{
"lessThanOrEqual": "4.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Osvaldo Noe Gonzalez Del Rio (Os)"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Zakra theme for WordPress is vulnerable to Stored Cross-Site Scripting via post meta values in all versions up to, and including, 4.2.0. This is due to the theme registering three post meta fields (zakra_menu_item_color, zakra_menu_item_hover_color, and zakra_menu_item_active_color) with \u0027show_in_rest\u0027 =\u003e true and \u0027auth_callback\u0027 =\u003e \u0027__return_true\u0027, but without any sanitize_callback parameter in the register_post_meta() calls. While the classic editor save path applies sanitize_hex_color() sanitization, the REST API path completely bypasses this protection. The unsanitized meta values are then retrieved via get_post_meta() and concatenated directly into CSS strings that are output through wp_add_inline_style() without any escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T07:53:09.987Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bbda67a3-0413-4d8e-8157-84c9c87b8695?source=cve"
},
{
"url": "https://themes.trac.wordpress.org/changeset?reponame=\u0026new=330192%40zakra%2F4.2.1\u0026old=297420%40zakra%2F4.2.0#file39"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-25T11:54:11.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-07-02T19:01:25.000Z",
"value": "Disclosed"
}
],
"title": "Zakra \u003c= 4.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta REST API"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-4804",
"datePublished": "2026-07-03T07:53:09.987Z",
"dateReserved": "2026-03-25T11:38:39.477Z",
"dateUpdated": "2026-07-06T16:25:45.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-52701 (GCVE-0-2026-52701)
Vulnerability from cvelistv5 – Published: 2026-06-26 14:52 – Updated: 2026-06-26 17:09
VLAI
EPSS
VEX
Title
WordPress User Registration plugin <= 5.2.2 - Broken Access Control vulnerability
Summary
Unauthenticated Broken Access Control in User Registration <= 5.2.2 versions.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Themegrill | User Registration |
Affected:
n/a , ≤ 5.2.2
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-52701",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-26T17:09:26.080331Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T17:09:36.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "user-registration",
"product": "User Registration",
"vendor": "Themegrill",
"versions": [
{
"changes": [
{
"at": "5.2.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.2.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "nobody09 | Patchstack Bug Bounty Program"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unauthenticated Broken Access Control in User Registration \u003c= 5.2.2 versions."
}
],
"value": "Unauthenticated Broken Access Control in User Registration \u003c= 5.2.2 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T14:52:18.447Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/user-registration/vulnerability/wordpress-user-registration-plugin-5-1-5-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress User Registration plugin to the latest available version (at least 5.2.3)."
}
],
"value": "Update the WordPress User Registration plugin to the latest available version (at least 5.2.3)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress User Registration plugin \u003c= 5.2.2 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-52701",
"datePublished": "2026-06-26T14:52:18.447Z",
"dateReserved": "2026-06-08T10:11:03.696Z",
"dateUpdated": "2026-06-26T17:09:36.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-54807 (GCVE-0-2026-54807)
Vulnerability from cvelistv5 – Published: 2026-06-17 09:51 – Updated: 2026-06-17 12:15
VLAI
EPSS
VEX
Title
WordPress Registration Form for WooCommerce plugin <= 1.0.9 - Privilege Escalation vulnerability
Summary
Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ThemeGrill | Registration Form for WooCommerce |
Affected:
n/a , ≤ 1.0.9
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54807",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T12:15:03.967995Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T12:15:13.929Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "registration-form-for-woocommerce",
"product": "Registration Form for WooCommerce",
"vendor": "ThemeGrill",
"versions": [
{
"changes": [
{
"at": "1.1.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.0.9",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "ParkHyunWoo | Patchstack Bug Bounty Program"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unauthenticated Privilege Escalation in Registration Form for WooCommerce \u003c= 1.0.9 versions."
}
],
"value": "Unauthenticated Privilege Escalation in Registration Form for WooCommerce \u003c= 1.0.9 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T09:51:46.082Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/registration-form-for-woocommerce/vulnerability/wordpress-registration-form-for-woocommerce-plugin-1-0-9-privilege-escalation-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Registration Form for WooCommerce Plugin to the latest available version (at least 1.1.0)."
}
],
"value": "Update the WordPress Registration Form for WooCommerce Plugin to the latest available version (at least 1.1.0)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Registration Form for WooCommerce plugin \u003c= 1.0.9 - Privilege Escalation vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-54807",
"datePublished": "2026-06-17T09:51:46.082Z",
"dateReserved": "2026-06-16T09:21:34.477Z",
"dateUpdated": "2026-06-17T12:15:13.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-49081 (GCVE-0-2026-49081)
Vulnerability from cvelistv5 – Published: 2026-06-17 09:51 – Updated: 2026-06-17 14:31
VLAI
EPSS
VEX
Title
WordPress User Registration Stripe plugin <= 1.3.12 - Broken Access Control vulnerability
Summary
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.12 versions.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ThemeGrill | User Registration Stripe |
Affected:
n/a , ≤ 1.3.12
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-49081",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T14:31:00.765121Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T14:31:15.344Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "user-registration-stripe",
"product": "User Registration Stripe",
"vendor": "ThemeGrill",
"versions": [
{
"changes": [
{
"at": "1.3.13",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.3.12",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "0xd4rk5id3 | Patchstack Bug Bounty Program"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unauthenticated Broken Access Control in User Registration Stripe \u003c= 1.3.12 versions."
}
],
"value": "Unauthenticated Broken Access Control in User Registration Stripe \u003c= 1.3.12 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T09:51:25.629Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/user-registration-stripe/vulnerability/wordpress-user-registration-stripe-plugin-1-3-12-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress User Registration Stripe Plugin to the latest available version (at least 1.3.13)."
}
],
"value": "Update the WordPress User Registration Stripe Plugin to the latest available version (at least 1.3.13)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress User Registration Stripe plugin \u003c= 1.3.12 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-49081",
"datePublished": "2026-06-17T09:51:25.629Z",
"dateReserved": "2026-05-27T10:27:09.956Z",
"dateUpdated": "2026-06-17T14:31:15.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40726 (GCVE-0-2026-40726)
Vulnerability from cvelistv5 – Published: 2026-06-17 09:51 – Updated: 2026-06-17 12:32
VLAI
EPSS
VEX
Title
WordPress User Registration Stripe plugin <= 1.3.14 - Broken Access Control vulnerability
Summary
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ThemeGrill | User Registration Stripe |
Affected:
n/a , ≤ 1.3.14
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40726",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T12:32:29.749096Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T12:32:36.031Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "user-registration-stripe",
"product": "User Registration Stripe",
"vendor": "ThemeGrill",
"versions": [
{
"changes": [
{
"at": "1.3.15",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.3.14",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "0xd4rk5id3 | Patchstack Bug Bounty Program"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unauthenticated Broken Access Control in User Registration Stripe \u003c= 1.3.14 versions."
}
],
"value": "Unauthenticated Broken Access Control in User Registration Stripe \u003c= 1.3.14 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T09:51:00.869Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/user-registration-stripe/vulnerability/wordpress-user-registration-stripe-plugin-1-3-14-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress User Registration Stripe Plugin to the latest available version (at least 1.3.15)."
}
],
"value": "Update the WordPress User Registration Stripe Plugin to the latest available version (at least 1.3.15)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress User Registration Stripe plugin \u003c= 1.3.14 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-40726",
"datePublished": "2026-06-17T09:51:00.869Z",
"dateReserved": "2026-04-15T09:19:20.453Z",
"dateUpdated": "2026-06-17T12:32:36.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42743 (GCVE-0-2026-42743)
Vulnerability from cvelistv5 – Published: 2026-06-15 20:18 – Updated: 2026-06-16 01:23
VLAI
EPSS
VEX
Title
WordPress Masteriyo - LMS plugin <= 2.1.8 - Broken Authentication vulnerability
Summary
Unauthenticated Broken Authentication in Masteriyo - LMS <= 2.1.8 versions.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ThemeGrill | Masteriyo - LMS |
Affected:
n/a , ≤ 2.1.8
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42743",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-16T01:09:35.881460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T01:23:35.285Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "learning-management-system",
"product": "Masteriyo - LMS",
"vendor": "ThemeGrill",
"versions": [
{
"changes": [
{
"at": "2.1.9",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.1.8",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "HieuPenguinnn | Patchstack Bug Bounty Program"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unauthenticated Broken Authentication in Masteriyo - LMS \u003c= 2.1.8 versions."
}
],
"value": "Unauthenticated Broken Authentication in Masteriyo - LMS \u003c= 2.1.8 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T20:18:49.676Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/learning-management-system/vulnerability/wordpress-masteriyo-lms-plugin-2-1-8-broken-authentication-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Masteriyo - LMS Plugin to the latest available version (at least 2.1.9)."
}
],
"value": "Update the WordPress Masteriyo - LMS Plugin to the latest available version (at least 2.1.9)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Masteriyo - LMS plugin \u003c= 2.1.8 - Broken Authentication vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-42743",
"datePublished": "2026-06-15T20:18:49.676Z",
"dateReserved": "2026-04-29T09:05:30.886Z",
"dateUpdated": "2026-06-16T01:23:35.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-39524 (GCVE-0-2026-39524)
Vulnerability from cvelistv5 – Published: 2026-06-15 20:18 – Updated: 2026-06-16 14:27
VLAI
EPSS
VEX
Title
WordPress Masteriyo - LMS plugin <= 2.1.5 - Payment Bypass vulnerability
Summary
Unauthenticated Broken Access Control in Masteriyo - LMS <= 2.1.5 versions.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ThemeGrill | Masteriyo - LMS |
Affected:
n/a , ≤ 2.1.5
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39524",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-16T14:27:00.618818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T14:27:19.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "learning-management-system",
"product": "Masteriyo - LMS",
"vendor": "ThemeGrill",
"versions": [
{
"changes": [
{
"at": "2.1.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.1.5",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "davidfdzmorilla | Patchstack Bug Bounty Program"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unauthenticated Broken Access Control in Masteriyo - LMS \u003c= 2.1.5 versions."
}
],
"value": "Unauthenticated Broken Access Control in Masteriyo - LMS \u003c= 2.1.5 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T20:18:02.164Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/learning-management-system/vulnerability/wordpress-masteriyo-lms-plugin-2-1-5-payment-bypass-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Masteriyo - LMS Plugin to the latest available version (at least 2.1.6)."
}
],
"value": "Update the WordPress Masteriyo - LMS Plugin to the latest available version (at least 2.1.6)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Masteriyo - LMS plugin \u003c= 2.1.5 - Payment Bypass vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-39524",
"datePublished": "2026-06-15T20:18:02.164Z",
"dateReserved": "2026-04-07T10:48:09.605Z",
"dateUpdated": "2026-06-16T14:27:19.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25425 (GCVE-0-2026-25425)
Vulnerability from cvelistv5 – Published: 2026-06-15 20:17 – Updated: 2026-06-15 22:12
VLAI
EPSS
VEX
Title
WordPress User Registration plugin <= 5.1.2 - Broken Access Control vulnerability
Summary
Unauthenticated Broken Access Control in User Registration <= 5.1.2 versions.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ThemeGrill | User Registration |
Affected:
n/a , ≤ 5.1.2
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25425",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-15T22:12:06.678535Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T22:12:41.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "user-registration",
"product": "User Registration",
"vendor": "ThemeGrill",
"versions": [
{
"changes": [
{
"at": "5.1.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.1.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "0xd4rk5id3 | Patchstack Bug Bounty Program"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unauthenticated Broken Access Control in User Registration \u003c= 5.1.2 versions."
}
],
"value": "Unauthenticated Broken Access Control in User Registration \u003c= 5.1.2 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T20:17:32.186Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/user-registration/vulnerability/wordpress-user-registration-plugin-5-1-2-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress User Registration Plugin to the latest available version (at least 5.1.3)."
}
],
"value": "Update the WordPress User Registration Plugin to the latest available version (at least 5.1.3)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress User Registration plugin \u003c= 5.1.2 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-25425",
"datePublished": "2026-06-15T20:17:32.186Z",
"dateReserved": "2026-02-02T12:53:34.261Z",
"dateUpdated": "2026-06-15T22:12:41.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-49111 (GCVE-0-2026-49111)
Vulnerability from cvelistv5 – Published: 2026-06-15 12:52 – Updated: 2026-06-15 15:51 X_Open Source
VLAI
EPSS
VEX
Title
WordPress Masteriyo - LMS plugin <= 2.2.0 - Privilege Escalation vulnerability
Summary
Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation.
This issue affects Masteriyo - LMS: from n/a through 2.2.0.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ThemeGrill | Masteriyo - LMS |
Affected:
n/a , ≤ 2.2.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-49111",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-15T15:51:27.477676Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T15:51:36.374Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "learning-management-system",
"product": "Masteriyo - LMS",
"vendor": "ThemeGrill",
"versions": [
{
"changes": [
{
"at": "2.2.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.2.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "daroo | Patchstack Bug Bounty Program"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation.\u003cp\u003eThis issue affects Masteriyo - LMS: from n/a through 2.2.0.\u003c/p\u003e"
}
],
"value": "Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation.\n\nThis issue affects Masteriyo - LMS: from n/a through 2.2.0."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T12:52:36.862Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/learning-management-system/vulnerability/wordpress-masteriyo-lms-plugin-2-2-0-privilege-escalation-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Masteriyo - LMS Plugin to the latest available version (at least 2.2.1)."
}
],
"value": "Update the WordPress Masteriyo - LMS Plugin to the latest available version (at least 2.2.1)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"x_open-source"
],
"title": "WordPress Masteriyo - LMS plugin \u003c= 2.2.0 - Privilege Escalation vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-49111",
"datePublished": "2026-06-15T12:52:36.862Z",
"dateReserved": "2026-05-27T15:12:19.105Z",
"dateUpdated": "2026-06-15T15:51:36.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40730 (GCVE-0-2026-40730)
Vulnerability from cvelistv5 – Published: 2026-04-15 10:21 – Updated: 2026-04-29 09:52
VLAI
EPSS
VEX
Title
WordPress ThemeGrill Demo Importer plugin <= 2.0.0.6 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ThemeGrill Demo Importer: from n/a through <= 2.0.0.6.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ThemeGrill | ThemeGrill Demo Importer |
Affected:
0 , ≤ 2.0.0.6
(custom)
|
Date Public
2026-04-15 12:20
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-40730",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T15:35:05.429268Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T20:27:31.615Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "themegrill-demo-importer",
"product": "ThemeGrill Demo Importer",
"vendor": "ThemeGrill",
"versions": [
{
"changes": [
{
"at": "2.0.0.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.0.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Steven Julian | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-15T12:20:45.288Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects ThemeGrill Demo Importer: from n/a through \u003c= 2.0.0.6.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ThemeGrill Demo Importer: from n/a through \u003c= 2.0.0.6."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T09:52:04.755Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/themegrill-demo-importer/vulnerability/wordpress-themegrill-demo-importer-plugin-2-0-0-6-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress ThemeGrill Demo Importer plugin \u003c= 2.0.0.6 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-40730",
"datePublished": "2026-04-15T10:21:33.831Z",
"dateReserved": "2026-04-15T09:19:28.916Z",
"dateUpdated": "2026-04-29T09:52:04.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9331 (GCVE-0-2025-9331)
Vulnerability from cvelistv5 – Published: 2025-08-22 11:14 – Updated: 2026-04-08 16:33
VLAI
EPSS
VEX
Title
Spacious <= 1.9.11 - Missing Authorization to Autheticated (Subscriber+) Demo Data Import
Summary
The Spacious theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'welcome_notice_import_handler' function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import demo data into the site.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| themegrill | Spacious |
Affected:
0 , ≤ 1.9.11
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9331",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-22T14:00:10.464119Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T14:01:46.285Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spacious",
"vendor": "themegrill",
"versions": [
{
"lessThanOrEqual": "1.9.11",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Spacious theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \u0027welcome_notice_import_handler\u0027 function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import demo data into the site."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:33:03.456Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/03fd2eee-429c-4053-8105-e1816f99ea91?source=cve"
},
{
"url": "https://themes.trac.wordpress.org/changeset/282946/"
},
{
"url": "https://research.cleantalk.org/cve-2025-9331/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-21T22:13:50.000Z",
"value": "Disclosed"
}
],
"title": "Spacious \u003c= 1.9.11 - Missing Authorization to Autheticated (Subscriber+) Demo Data Import"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-9331",
"datePublished": "2025-08-22T11:14:00.384Z",
"dateReserved": "2025-08-21T21:41:45.367Z",
"dateUpdated": "2026-04-08T16:33:03.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9202 (GCVE-0-2025-9202)
Vulnerability from cvelistv5 – Published: 2025-08-20 06:39 – Updated: 2026-04-08 17:16
VLAI
EPSS
VEX
Title
ColorMag <= 4.0.19 - Missing Authorization to Authenticated (Subscriber+) ThemeGrill Demo Importer Plugin Installation
Summary
The ColorMag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and including, 4.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the ThemeGrill Demo Importer plugin.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| themegrill | ColorMag |
Affected:
0 , ≤ 4.0.19
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9202",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T17:31:57.271710Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T17:32:33.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ColorMag",
"vendor": "themegrill",
"versions": [
{
"lessThanOrEqual": "4.0.19",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
}
],
"descriptions": [
{
"lang": "en",
"value": "The ColorMag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and including, 4.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the ThemeGrill Demo Importer plugin."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:16:15.896Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b1922b16-e76c-4ee6-83ad-77970c8c25c0?source=cve"
},
{
"url": "https://research.cleantalk.org/CVE-2025-9202"
},
{
"url": "https://themes.trac.wordpress.org/changeset/283558/colormag/4.0.20/inc/admin/class-colormag-welcome-notice.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-19T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "ColorMag \u003c= 4.0.19 - Missing Authorization to Authenticated (Subscriber+) ThemeGrill Demo Importer Plugin Installation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-9202",
"datePublished": "2025-08-20T06:39:50.555Z",
"dateReserved": "2025-08-19T17:37:33.877Z",
"dateUpdated": "2026-04-08T17:16:15.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8595 (GCVE-0-2025-8595)
Vulnerability from cvelistv5 – Published: 2025-08-06 02:24 – Updated: 2026-04-08 16:51
VLAI
EPSS
VEX
Title
Zakra <= 4.1.5 - Missing Authorization to Subscriber+ Demo Import
Summary
The Zakra theme for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and including, 4.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import demo settings.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| themegrill | Zakra |
Affected:
0 , ≤ 4.1.5
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-06T13:40:16.547545Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T13:40:34.249Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Zakra",
"vendor": "themegrill",
"versions": [
{
"lessThanOrEqual": "4.1.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Zakra theme for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and including, 4.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import demo settings."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:51:32.455Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4da012dc-7e58-479a-813e-762eb28297bf?source=cve"
},
{
"url": "https://themes.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=281307%40zakra%2F4.1.6\u0026old=276128%40zakra%2F4.1.5"
},
{
"url": "https://research.cleantalk.org/cve-2025-8595/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-05T13:58:24.000Z",
"value": "Disclosed"
}
],
"title": "Zakra \u003c= 4.1.5 - Missing Authorization to Subscriber+ Demo Import"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-8595",
"datePublished": "2025-08-06T02:24:11.563Z",
"dateReserved": "2025-08-05T13:56:34.374Z",
"dateUpdated": "2026-04-08T16:51:32.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-33939 (GCVE-0-2024-33939)
Vulnerability from cvelistv5 – Published: 2025-05-19 15:55 – Updated: 2026-04-28 16:09
VLAI
EPSS
VEX
Title
WordPress LMS by Masteriyo plugin <= 1.7.3 - Broken Authentication vulnerability
Summary
Authentication Bypass Using an Alternate Path or Channel vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.7.3.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| masteriyo | Masteriyo - LMS |
Affected:
0 , ≤ 1.7.3
(custom)
|
Date Public
2026-04-01 16:25
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33939",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T16:58:24.182475Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T16:58:29.630Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "learning-management-system",
"product": "Masteriyo - LMS",
"vendor": "masteriyo",
"versions": [
{
"changes": [
{
"at": "1.7.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Steven Julian | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:25:34.505Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in masteriyo Masteriyo - LMS learning-management-system.\u003cp\u003eThis issue affects Masteriyo - LMS: from n/a through \u003c= 1.7.3.\u003c/p\u003e"
}
],
"value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through \u003c= 1.7.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:47.023Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/learning-management-system/vulnerability/wordpress-lms-by-masteriyo-plugin-1-7-3-broken-authentication-vulnerability?_s_id=cve"
}
],
"title": "WordPress LMS by Masteriyo plugin \u003c= 1.7.3 - Broken Authentication vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-33939",
"datePublished": "2025-05-19T15:55:18.574Z",
"dateReserved": "2024-04-29T08:10:25.154Z",
"dateUpdated": "2026-04-28T16:09:47.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-36837 (GCVE-0-2020-36837)
Vulnerability from cvelistv5 – Published: 2024-10-16 06:43 – Updated: 2024-10-16 18:03
VLAI
EPSS
VEX
Title
ThemeGrill Demo Importer 1.3.4 - 1.6.1 - Authorization Bypass to Site Reset
Summary
The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset the WordPress database. After which, if there is a user named 'admin', the attacker will become automatically logged in as an administrator.
Severity
9.9 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| themegrill | ThemeGrill Demo Importer |
Affected:
1.3.4 , ≤ 1.6.1
(semver)
|
|
| themegrill | themegrill_demo_importer |
Affected:
1.3.4 , ≤ 1.6.1
(semver)
cpe:2.3:a:themegrill:themegrill_demo_importer:*:*:*:*:*:wordpress:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:themegrill:themegrill_demo_importer:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "themegrill_demo_importer",
"vendor": "themegrill",
"versions": [
{
"lessThanOrEqual": "1.6.1",
"status": "affected",
"version": "1.3.4",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36837",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T15:33:00.739470Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T18:03:47.811Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThemeGrill Demo Importer",
"vendor": "themegrill",
"versions": [
{
"lessThanOrEqual": "1.6.1",
"status": "affected",
"version": "1.3.4",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dave Jong"
}
],
"descriptions": [
{
"lang": "en",
"value": "The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset the WordPress database. After which, if there is a user named \u0027admin\u0027, the attacker will become automatically logged in as an administrator."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T06:43:35.980Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8c0dc694-854e-4f96-8c2d-7251c41a3ee9?source=cve"
},
{
"url": "https://www.webarxsecurity.com/critical-issue-in-themegrill-demo-importer/"
},
{
"url": "https://www.openwall.com/lists/oss-security/2020/02/19/1"
},
{
"url": "https://raw.githubusercontent.com/themegrill/themegrill-demo-importer/master/CHANGELOG.txt"
}
],
"timeline": [
{
"lang": "en",
"time": "2020-02-16T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "ThemeGrill Demo Importer 1.3.4 - 1.6.1 - Authorization Bypass to Site Reset"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2020-36837",
"datePublished": "2024-10-16T06:43:35.980Z",
"dateReserved": "2024-10-15T18:39:42.773Z",
"dateUpdated": "2024-10-16T18:03:47.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}