Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities by hancock11
CVE-2026-9178 (GCVE-0-2026-9178)
Vulnerability from cvelistv5 – Published: 2026-06-24 05:33 – Updated: 2026-06-24 12:13
VLAI
Title
WP Forms Connector <= 1.8 - Missing Authorization to Unauthenticated Information Exposure via 'user/list' REST Endpoint
Summary
The WP Forms Connector plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.8. The plugin registers the REST route wp/v3/user/list/<id> (callback userDetail()) with permission_callback set to '__return_true', and the function's home-grown authentication only verifies that the supplied 'Username' HTTP header maps to an administrator account and that a 'Password' HTTP header is non-empty. It never validates the password with wp_check_password() (unlike the sibling delete_wc_user() function which does). This makes it possible for unauthenticated attackers to retrieve sensitive information for any registered user ID — including the WordPress password hash (user_pass) and email address — by sending a request with a valid administrator login name (commonly the default 'admin') and any arbitrary password value.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| hancock11 | WP Forms Connector |
Affected:
0 , ≤ 1.8
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9178",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-24T12:12:27.782825Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T12:13:00.298Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP Forms Connector",
"vendor": "hancock11",
"versions": [
{
"lessThanOrEqual": "1.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "jamaal"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Forms Connector plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.8. The plugin registers the REST route wp/v3/user/list/\u003cid\u003e (callback userDetail()) with permission_callback set to \u0027__return_true\u0027, and the function\u0027s home-grown authentication only verifies that the supplied \u0027Username\u0027 HTTP header maps to an administrator account and that a \u0027Password\u0027 HTTP header is non-empty. It never validates the password with wp_check_password() (unlike the sibling delete_wc_user() function which does). This makes it possible for unauthenticated attackers to retrieve sensitive information for any registered user ID \u2014 including the WordPress password hash (user_pass) and email address \u2014 by sending a request with a valid administrator login name (commonly the default \u0027admin\u0027) and any arbitrary password value."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T05:33:33.451Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f5dfafee-9b6c-4e57-b263-39ff15cd3b51?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-forms-connector/tags/1.8/WP-Forms-Connector.php#L1490"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-forms-connector/tags/1.8/WP-Forms-Connector.php#L1477"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-forms-connector/tags/1.8/WP-Forms-Connector.php#L1464"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-forms-connector/tags/1.8/WP-Forms-Connector.php#L739"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-23T16:39:27.000Z",
"value": "Disclosed"
}
],
"title": "WP Forms Connector \u003c= 1.8 - Missing Authorization to Unauthenticated Information Exposure via \u0027user/list\u0027 REST Endpoint"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-9178",
"datePublished": "2026-06-24T05:33:33.451Z",
"dateReserved": "2026-05-21T14:44:27.753Z",
"dateUpdated": "2026-06-24T12:13:00.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9179 (GCVE-0-2026-9179)
Vulnerability from cvelistv5 – Published: 2026-06-24 05:33 – Updated: 2026-06-24 05:33
VLAI
Title
WP Forms Connector <= 1.8 - Unauthenticated SQL Injection via 'order' Parameter
Summary
The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/wp/v3/post/list REST endpoint in versions up to and including 1.8. This is due to insufficient escaping on the user-supplied 'order' parameter (read directly from $_GET['order'] into $shorting) and the lack of sufficient preparation on the existing SQL query in the listPost() function, where the value is concatenated unquoted into the ORDER BY clause and executed via $wpdb->get_results() without $wpdb->prepare(). The endpoint is registered with permission_callback '__return_true' and performs only a broken header-based check that validates the supplied 'Username' corresponds to an administrator account while never verifying the 'Password'. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity
7.5 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| hancock11 | WP Forms Connector |
Affected:
0 , ≤ 1.8
(semver)
|
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP Forms Connector",
"vendor": "hancock11",
"versions": [
{
"lessThanOrEqual": "1.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "jamaal"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the \u0027order\u0027 parameter of the /wp-json/wp/v3/post/list REST endpoint in versions up to and including 1.8. This is due to insufficient escaping on the user-supplied \u0027order\u0027 parameter (read directly from $_GET[\u0027order\u0027] into $shorting) and the lack of sufficient preparation on the existing SQL query in the listPost() function, where the value is concatenated unquoted into the ORDER BY clause and executed via $wpdb-\u003eget_results() without $wpdb-\u003eprepare(). The endpoint is registered with permission_callback \u0027__return_true\u0027 and performs only a broken header-based check that validates the supplied \u0027Username\u0027 corresponds to an administrator account while never verifying the \u0027Password\u0027. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T05:33:23.460Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2cd53590-ded1-4e68-a9a3-aa1d2d880b80?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-forms-connector/tags/1.8/WP-Forms-Connector.php#L1259"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-forms-connector/tags/1.8/WP-Forms-Connector.php#L1244"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-forms-connector/tags/1.8/WP-Forms-Connector.php#L694"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-23T16:39:17.000Z",
"value": "Disclosed"
}
],
"title": "WP Forms Connector \u003c= 1.8 - Unauthenticated SQL Injection via \u0027order\u0027 Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-9179",
"datePublished": "2026-06-24T05:33:23.460Z",
"dateReserved": "2026-05-21T14:46:02.937Z",
"dateUpdated": "2026-06-24T05:33:23.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9286 (GCVE-0-2025-9286)
Vulnerability from cvelistv5 – Published: 2025-10-03 11:17 – Updated: 2026-04-08 16:46
VLAI
Title
Appy Pie Connect for WooCommerce <= 1.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via reset_user_password
Summary
The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the reset_user_password() REST handler in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to to reset the password of arbitrary users, including administrators, thereby gaining administrative access.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-620 - Unverified Password Change
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| hancock11 | Appy Pie Connect for WooCommerce |
Affected:
0 , ≤ 1.1.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9286",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T18:02:51.622311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T18:03:05.831Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Appy Pie Connect for WooCommerce",
"vendor": "hancock11",
"versions": [
{
"lessThanOrEqual": "1.1.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "JohSka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the reset_user_password() REST handler in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to to reset the password of arbitrary users, including administrators, thereby gaining administrative access."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620 Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:46:14.529Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/36fb5b8d-1ea4-45c2-8639-b229efdb57db?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/appy-pie-connect-for-woocommerce/trunk/connect-woocommerce-rest-api.php"
},
{
"url": "https://wordpress.org/plugins/appy-pie-connect-for-woocommerce/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3385150/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-02T22:31:47.000Z",
"value": "Disclosed"
}
],
"title": "Appy Pie Connect for WooCommerce \u003c= 1.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via reset_user_password"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-9286",
"datePublished": "2025-10-03T11:17:10.009Z",
"dateReserved": "2025-08-20T21:29:49.417Z",
"dateUpdated": "2026-04-08T16:46:14.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9286 (GCVE-0-2025-9286)
Vulnerability from nvd – Published: 2025-10-03 11:17 – Updated: 2026-04-08 16:46
VLAI
Title
Appy Pie Connect for WooCommerce <= 1.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via reset_user_password
Summary
The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the reset_user_password() REST handler in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to to reset the password of arbitrary users, including administrators, thereby gaining administrative access.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-620 - Unverified Password Change
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| hancock11 | Appy Pie Connect for WooCommerce |
Affected:
0 , ≤ 1.1.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9286",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T18:02:51.622311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T18:03:05.831Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Appy Pie Connect for WooCommerce",
"vendor": "hancock11",
"versions": [
{
"lessThanOrEqual": "1.1.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "JohSka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the reset_user_password() REST handler in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to to reset the password of arbitrary users, including administrators, thereby gaining administrative access."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620 Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:46:14.529Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/36fb5b8d-1ea4-45c2-8639-b229efdb57db?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/appy-pie-connect-for-woocommerce/trunk/connect-woocommerce-rest-api.php"
},
{
"url": "https://wordpress.org/plugins/appy-pie-connect-for-woocommerce/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3385150/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-02T22:31:47.000Z",
"value": "Disclosed"
}
],
"title": "Appy Pie Connect for WooCommerce \u003c= 1.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via reset_user_password"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-9286",
"datePublished": "2025-10-03T11:17:10.009Z",
"dateReserved": "2025-08-20T21:29:49.417Z",
"dateUpdated": "2026-04-08T16:46:14.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}