CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-28994 – WordPress Viral Loops WP Integration <= 3.8.1 - Broken Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2025-28994
05 Jun 2025 — Missing Authorization vulnerability in viralloops Viral Loops WP Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Viral Loops WP Integration: from n/a through 3.8.1. The Viral Loops WP Integration plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an una... • https://patchstack.com/database/wordpress/plugin/viral-loops-wp-integration/vulnerability/wordpress-viral-loops-wp-integration-3-8-1-broken-access-control-vulnerability-2?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-28995 – WordPress Viral Loops WP Integration <= 3.8.1 - Broken Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2025-28995
05 Jun 2025 — Missing Authorization vulnerability in viralloops Viral Loops WP Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Viral Loops WP Integration: from n/a through 3.8.1. The Viral Loops WP Integration plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.8.1. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/wordpress/plugin/viral-loops-wp-integration/vulnerability/wordpress-viral-loops-wp-integration-3-8-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31842 – WordPress Viral Loops WP Integration Plugin <= 3.4.0 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-31842
01 Apr 2025 — Insertion of Sensitive Information Into Sent Data vulnerability in viralloops Viral Loops WP Integration allows Retrieve Embedded Sensitive Data. This issue affects Viral Loops WP Integration: from n/a through 3.4.0. The Viral Loops WP Integration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.1. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/viral-loops-wp-integration/vulnerability/wordpress-viral-loops-wp-integration-plugin-3-4-0-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •