Edmonparker Read More Accordion vulnerabilities
4 known vulnerabilities affecting edmonparker/read_more_accordion.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2026-7467P2HIGHCVSS 8.8≤ 3.5.72026-05-20
CVE-2026-7467 [HIGH] CWE-269 CVE-2026-7467: The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions
The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.7. This is due to the 'RadMoreAjax::importData' function not restricting which database tables can be written to during import and not properly validating the imported data. This makes it possible for authenticated attackers, wi
nvd
CVE-2025-0810P3HIGHCVSS 7.5≤ 3.4.72025-04-05
CVE-2025-0810 [HIGH] CWE-352 CVE-2025-0810: The Read More & Accordion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ve
The Read More & Accordion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.7. This is due to missing or incorrect nonce validation on the addNewButtons() function. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files via a forged request granted they can
nvd
CVE-2026-7472P4MEDIUMCVSS 4.9≤ 3.5.72026-05-20
CVE-2026-7472 [MEDIUM] CWE-89 CVE-2026-7472: The Read More & Accordion plugin for WordPress is vulnerable to time-based blind SQL Injection via t
The Read More & Accordion plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.5.7. This is due to the use of esc_sql() without surrounding the value in quotes in an ORDER BY clause inside the getAllDataByLimit() and getAccordionAllDataByLimit() functions in ReadMoreDat
nvd
CVE-2024-13639P4MEDIUMCVSS 4.3≤ 3.4.22025-02-13
CVE-2024-13639 [MEDIUM] CWE-862 CVE-2024-13639: The Read More & Accordion plugin for WordPress is vulnerable to unauthorized modification and loss o
The Read More & Accordion plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the expmDeleteData() function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary 'read more' posts.
nvd