Abi Wiranata

#15962of 53,779
16.9Total CVSS
Vulnerabilities · 3
Medium
3
PT-2026-47140
4.3
2026-06-06
WordPress · Squirrly Seo Plugin · CVE-2026-7624
**Name of the Vulnerable Software and Affected Versions** SEO Plugin by Squirrly SEO versions prior to 12.4.17 **Description** The plugin fails to properly verify if a user is authorized to perform specific actions. This allows authenticated attackers with contributor-level access or higher to execute privileged state-changing cloud API operations. Specifically, attackers can revoke Google Search Console and Google Analytics integrations using the endpoints "api/gsc/revoke" and "api/ga/revoke". These operations are intended to be restricted to administrator-level users possessing the `sq manage settings` capability. **Recommendations** Update to a version later than 12.4.16.
PT-2026-40564
6.5
2026-05-13
WordPress · The Charitable – Donation Plugin · CVE-2026-7619
**Name of the Vulnerable Software and Affected Versions** Charitable – Donation Plugin for WordPress versions prior to 1.8.10.5 **Description** The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress contains a generic SQL Injection flaw. This issue occurs due to insufficient escaping of user-supplied parameters and a lack of proper preparation of the SQL query. Authenticated attackers with access to the donation management admin area and the `edit others donations` capability can append additional SQL queries via the `s` parameter to extract sensitive information from the database. **Recommendations** Update to a version later than 1.8.10.4. As a temporary workaround, restrict access to the donation management admin area to only highly trusted users to minimize the risk of exploitation.
PT-2026-31848
6.1
2026-04-10
WordPress · Royal Wordpress Backup & Restore Plugin · CVE-2026-4305
Name of the Vulnerable Software and Affected Versions The Royal WordPress Backup & Restore Plugin versions up to and including 1.0.16 Description The Royal WordPress Backup & Restore Plugin for WordPress is susceptible to Reflected Cross-Site Scripting through the `wpr pending template` parameter due to inadequate input validation. This allows unauthenticated attackers to inject arbitrary web scripts into pages, which can be executed if an administrator is tricked into performing an action, such as clicking a link. Recommendations Update The Royal WordPress Backup & Restore Plugin to a version later than 1.0.16.