cleantalk
Vulnerabilities and Security Researches

Connect to external APIs – WPGetAPI, 89d2b0cb158117bdc01ff2aa0f0b5a2b8217df1c

CVE, Research URL

89d2b0cb158117bdc01ff2aa0f0b5a2b8217df1c

Home page URL

Security reports for Connect to external APIs – WPGetAPI

Application

Connect to external APIs – WPGetAPI

Published on
Oct 02, 2023
Research Description
WPGet API &#8211; Connect to any external REST API [wpgetapi] < 2.2.2 WPGetAPI 2.1.0 - 2.2.1 - Authenticated (Subscriber+) Arbitrary Options Update The WPGetAPI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_endpoints() function in versions 2.1.0 - 2.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options which can be leveraged for privilege escalation.
Affected versions
Min 2.1.0, max 2.2.2.
Status
vulnerable
Previous vulnerability researches
Connect to external APIs &#8211; WPGetAPI (89d2b0cb158117bdc01ff2aa0f0b5a2b8217df1c) , Jun 07, 2024
Connect to external APIs &#8211; WPGetAPI (CVE-2024-13857) , Mar 08, 2025
New vulnerability
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX &#8211; Best FOMO, Social Proof, WooCommerce Sales Popup &amp; Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System &#8211; Booking Calendar (CVE-2025-68515) , Mar 31, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2025-67969) , Mar 31, 2026