CVE-2025-15476 – The Bucketlister

CVE ID : CVE-2025-15476

Published : Feb. 7, 2026, 8:26 a.m. | 52 minutes ago

Description : The The Bucketlister plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bucketlister_do_admin_ajax() function in all versions up to, and including, 0.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add delete or modify arbitrary bucket list items.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-2080 – UTT HiPER 810 formUser setSysAdm command injection

CVE-2026-2079 – yeqifu warehouse Menu Management MenuController.java deleteMenu improper authorization

CVE-2026-1573 – OMIGO

CVE-2025-15477 – The Bucketlister