Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total4
Critical0
High0
Medium4
Reset
Showing 1-4 of 4 records
Threat Entry Updated 2026-03-23

CVE-2026-3645 - Landing Page Builder Plugin

The Punnel – Landing Page Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.1. The save_config() function, which handles the 'punnel_save_config' AJAX action, lacks any capability check (current_user_can()) and nonce verification. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the plugin's entire configuration including the API key via a POST request to admin-ajax.php. Once the API key is known (because the attacker set it), the attacker can use the plugin's public API endpoint (sniff_requests() at /?punnel_api=1)…

PLUGIN Landing Page Builder

CVE-2026-3645

MEDIUM CVSS 5.3 2026-03-21
Open Full Technical Breakdown
Threat Entry Updated 2025-12-08

CVE-2025-12165 - Landing Page Builder Plugin

The Webcake – Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'webcake_save_config' AJAX endpoint in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's settings.

PLUGIN Landing Page Builder

CVE-2025-12165

MEDIUM CVSS 4.3 2025-12-05
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-48325 - Landing Page Builder Plugin

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages.This issue affects Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages: from n/a through 1.5.1.5.

PLUGIN Landing Page Builder

CVE-2023-48325

MEDIUM CVSS 4.7 2023-12-07
Open Full Technical Breakdown
Scroll to top