8783 matches found

Vulnrichment
added 2026/02/14 6:42 a.m. | 4 views

CVE-2025-14873 LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.5 - Cross-Site Request Forgery

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.5. This is due to the 'callbyroutename' function in the routing layer only validating user capabilities without enforcing...

4.3 CVSS | 5.4 AI score | 0.00143 EPSS
Exploits: 0 | References: 2

CVE
added 2026/02/14 6:42 a.m. | 10 views

CVE-2025-14873

The CVE-2025-14873 CSRF vulnerability exists in LatePoint for WordPress (up to version 5.2.5). It arises because call_by_route_name does not enforce nonce verification, allowing unauthenticated attackers to induce site administrators to perform actions via forged requests. Remediation: update to ...

4.3 CVSS | 5.3 AI score | 0.00143 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2026/02/14 6:42 a.m. | 5 views

CVE-2025-14873

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.5. This is due to the 'callbyroutename' function in the routing layer only validating user capabilities without enforcing...

4.3 CVSS | 5.3 AI score | 0.00143 EPSS
Exploits: 0 | References: 3

NVD
added 2026/02/14 5:16 a.m. | 8 views

CVE-2026-1983

The SEATT: Simple Event Attendance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing nonce validation on the event deletion functionality. This makes it possible for unauthenticated attackers to delete arbitrary...

4.3 CVSS | 0.00124 EPSS
Exploits: 0 | References: 3

CVE
added 2026/02/14 4:35 a.m. | 15 views

CVE-2026-1983

CVE-2026-1983 concerns the SEATT: Simple Event Attendance plugin for WordPress. The Wordfence entry states this vuln is a Cross-Site Request Forgery (CSRF) flaw present in all versions up to 1.5.0, caused by missing nonce validation on event deletion. This enables unauthenticated attackers to tri...

4.3 CVSS | 5.7 AI score | 0.00124 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2026/02/14 4:35 a.m. | 5 views

CVE-2026-1983 SEATT: Simple Event Attendance <= 1.5.0 - Cross-Site Request Forgery to Arbitrary Event Deletion

The SEATT: Simple Event Attendance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing nonce validation on the event deletion functionality. This makes it possible for unauthenticated attackers to delete arbitrary...

4.3 CVSS | 5.7 AI score | 0.00124 EPSS
Exploits: 0 | References: 3

Positive Technologies
added 2026/02/14 12:0 a.m. | 7 views

PT-2026-8074

The WP Quick Contact Us plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's settings vi...

4.3 CVSS | 5.3 AI score | 0.00153 EPSS
Exploits: 0 | References: 4

Positive Technologies
added 2026/02/14 12:0 a.m. | 8 views

PT-2026-8058

The MDirector Newsletter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.8. This is due to missing nonce verification on the mdirectorNewsletterSave function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3 CVSS | 5.3 AI score | 0.00163 EPSS
Exploits: 0 | References: 4

Positive Technologies
added 2026/02/14 12:0 a.m. | 7 views

PT-2026-8059

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.5. This is due to the 'call by route name' function in the routing layer only validating user capabilities without enforci...

4.3 CVSS | 5.3 AI score | 0.00143 EPSS
Exploits: 0 | References: 3

Positive Technologies
added 2026/02/14 12:0 a.m. | 11 views

PT-2026-8073

Name of the Vulnerable Software and Affected Versions: midi-Synth plugin for WordPress versions up to and including 1.1.0. Description: The midi-Synth plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type and file extension validation within the 'export' AJAX...

9.8 CVSS | 6.5 AI score | 0.04458 EPSS
Exploits: 1 | References: 14

NVD
added 2026/02/13 6:16 a.m. | 5 views

CVE-2025-15520

The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces but not capabilities, allowing for the disclosure of some sensitive data to subscribers and above...

4.3 CVSS | 0.00171 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/13 6:0 a.m. | 5 views

CVE-2025-15520 RegistrationMagic <= 6.0.7.2 - Subscriber+ Sensitive Data Disclosure

The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces but not capabilities, allowing for the disclosure of some sensitive data to subscribers and above...

5.5 AI score | 0.00171 EPSS
Exploits: 0 | References: 1

Cvelist
added 2026/02/13 6:0 a.m. | 31 views

CVE-2025-15520 RegistrationMagic <= 6.0.7.2 - Subscriber+ Sensitive Data Disclosure

The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces but not capabilities, allowing for the disclosure of some sensitive data to subscribers and above...

0.00171 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/13 6:0 a.m. | 7 views

CVE-2025-15520

The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces but not capabilities, allowing for the disclosure of some sensitive data to subscribers and above...

5.5 AI score | 0.00171 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2026/02/13 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-26014

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pion DTLS is a Go implementation of Datagram Transport Layer Security. Pion DTLS versions v1.0.0 through v3.0.10 and 3.1.0 use random nonce generation with AES...

5.9 CVSS | 5.8 AI score | 0.00619 EPSS
Exploits: 0 | References: 3

RedhatCVE
added 2026/02/12 1:43 p.m. | 7 views

CVE-2026-1215

The MMA Call Tracking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.15. This is due to missing nonce validation when saving plugin configuration on the mmacalltrackingmenu admin page. This makes it possible for unauthenticated attackers...

4.3 CVSS | 5.4 AI score | 0.0016 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/12 9:13 a.m. | 7 views

CVE-2026-26014

A vulnerability has been identified in the Pion DTLS implementation where the use of random nonce generation with AES-GCM ciphers does not adhere to recommended cryptographic practices. Under certain conditions, this may allow remote attackers to more easily derive or reuse encryption...

5.9 CVSS | 5.5 AI score | 0.00619 EPSS
Exploits: 0 | References: 7

Vulnrichment
added 2026/02/11 10:18 p.m. | 4 views

CVE-2026-26215 manga-image-translator Shared API Unsafe Deserialization RCE

manga-image-translator version beta-0.3 and prior in shared API mode contains an unsafe deserialization vulnerability that can lead to unauthenticated remote code execution. The FastAPI endpoints /simpleexecute/method and /execute/method deserialize attacker-controlled request bodies using...

9.3 CVSS | 6.6 AI score | 0.00923 EPSS
Exploits: 1 | References: 6

Cvelist
added 2026/02/11 10:18 p.m. | 25 views

CVE-2026-26215 manga-image-translator Shared API Unsafe Deserialization RCE

manga-image-translator version beta-0.3 and prior in shared API mode contains an unsafe deserialization vulnerability that can lead to unauthenticated remote code execution. The FastAPI endpoints /simpleexecute/method and /execute/method deserialize attacker-controlled request bodies using...

9.3 CVSS | 0.00923 EPSS
Exploits: 1 | References: 6

CVE
added 2026/02/11 10:18 p.m. | 17 views

CVE-2026-26215

CVE-2026-26215 affects manga-image-translator, beta-0.3 and earlier, in shared API mode. The vulnerability is an unsafe deserialization via Python's pickle.loads() in FastAPI endpoints /simple_execute/{method} and /execute/{method}, processing attacker-controlled request bodies without validation...

9.3 CVSS | 6.6 AI score | 0.00923 EPSS
Exploits: 1 | References: 6