8783 matches found

Positive Technologies
added 2026/01/24 12:0 a.m. | 15 views

PT-2026-4605

The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to update plugin setting...

4.3 CVSS | 5.5 AI score | 0.0016 EPSS
Exploits: 1 | References: 5
Positive Technologies
added 2026/01/24 12:0 a.m. | 10 views

PT-2026-4578

The Alex User Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0. This is due to missing nonce validation on the alex user counter function function. This makes it possible for unauthenticated attackers to update the plugin settings...

4.3 CVSS | 5.5 AI score | 0.00158 EPSS
Exploits: 0 | References: 4
Positive Technologies
added 2026/01/24 12:0 a.m. | 14 views

PT-2026-4579

The ZT Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to improper nonce validation on the save ztcpt captcha settings action where the nonce check can be bypassed by sending an empty token value. This makes it...

4.3 CVSS | 5.5 AI score | 0.00191 EPSS
Exploits: 0 | References: 4
ATTACKERKB
added 2026/01/23 5:26 p.m. | 4 views

CVE-2025-14947

The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxcallbackcreatebunnystreamvideo, ajaxcallbackgetbunnystreamvideo, and ajaxcallbackdeletebunnystreamvideo functions in all versions up to, and including,...

6.5 CVSS | 5.9 AI score | 0.00369 EPSS
Exploits: 0 | References: 6
Positive Technologies
added 2026/01/23 12:0 a.m. | 9 views

PT-2026-4521

Name of the Vulnerable Software and Affected Versions All-in-One Video Gallery plugin for WordPress versions through 4.6.4 Description The All-in-One Video Gallery plugin for WordPress is susceptible to unauthorized data modification because of a missing capability check on the ajax callback crea...

6.5 CVSS | 5.3 AI score | 0.00369 EPSS
Exploits: 0 | References: 7
RedhatCVE
added 2026/01/22 1:30 a.m. | 7 views

CVE-2025-15521

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating a user's identity prior to updating their password...

9.8 CVSS | 5.8 AI score | 0.00354 EPSS
Exploits: 1 | References: 1
CNNVD
added 2026/01/22 12:0 a.m. | 5 views

WordPress plugin SearchAzon has a cross-site request forgery vulnerability.

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3 CVSS | 5.7 AI score | 0.00107 EPSS
Exploits: 0 | References: 1
Veracode
added 2026/01/21 7:45 a.m. | 7 views

Cryptographic Weakness

Elliptic is vulnerable to cryptographic weakness. The vulnerability is due to incorrect byte-length computation and truncation of the RFC 6979 deterministic nonce k when it contains leading zeros, which results in faulty signatures and allows an attacker, under certain conditions, to derive the...

5.6 CVSS | 5.9 AI score | 0.00161 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
RedhatCVE
added 2026/01/21 6:33 a.m. | 12 views

CVE-2025-12573

The Bookingor WordPress plugin through 1.0.12 exposes authenticated AJAX actions without capability or nonce checks, allowing low-privileged users to delete Bookingor WordPress plugin through 1.0.12 data...

6.5 CVSS | 5.4 AI score | 0.00174 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/21 1:32 a.m. | 6 views

CVE-2026-1051

The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.1.0. This is due to missing or incorrect nonce validation on the hooknewsletteraction function. This makes it possible for unauthenticated...

4.3 CVSS | 5.5 AI score | 0.00104 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2026/01/21 1:23 a.m. | 7 views

CVE-2025-15521

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating a user's identity prior to updating their password...

9.8 CVSS | 5.6 AI score | 0.00354 EPSS
Exploits: 1 | References: 3
EUVD
added 2026/01/21 1:23 a.m. | 9 views

EUVD-2026-3698

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating a user's identity prior to updating their password...

9.8 CVSS | 5.8 AI score | 0.00354 EPSS
Exploits: 1 | References: 3
CVE
added 2026/01/21 1:23 a.m. | 31 views

CVE-2025-15521

The CVE-2025-15521 entry describes an unauthenticated privilege-escalation in the Academy LMS – WordPress LMS Plugin for Complete eLearning Solution, affecting versions up to 3.5.0. The root cause is improper identity validation during password updates: the reset handler accepts a publicly expose...

9.8 CVSS | 5.8 AI score | 0.00354 EPSS
In wild | Exploits: 1 | References: 2
Positive Technologies
added 2026/01/21 12:0 a.m. | 8 views

PT-2026-3751

Name of the Vulnerable Software and Affected Versions Academy LMS – WordPress LMS Plugin for Complete eLearning Solution versions prior to 3.5.1 Description The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution is susceptible to privilege escalation through account takeover. The...

9.8 CVSS | 5.4 AI score | 0.00354 EPSS
Exploits: 1 | References: 14
VulnCheck KEV
added 2026/01/21 12:0 a.m. | 9 views

VulnCheck KEV: CVE-2025-15521

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating a user's identity prior to updating their password...

9.8 CVSS | 5.9 AI score | 0.00354 EPSS
In wild | Exploits: 1 | References: 2
NVD
added 2026/01/20 6:16 a.m. | 5 views

CVE-2025-12573

The Bookingor WordPress plugin through 1.0.12 exposes authenticated AJAX actions without capability or nonce checks, allowing low-privileged users to delete Bookingor WordPress plugin through 1.0.12 data...

6.5 CVSS | 0.00174 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/01/20 6:0 a.m. | 22 views

CVE-2025-12573 Bookingor <= 1.0.12 - Subscriber+ Category Deletion

The Bookingor WordPress plugin through 1.0.12 exposes authenticated AJAX actions without capability or nonce checks, allowing low-privileged users to delete Bookingor WordPress plugin through 1.0.12 data...

0.00174 EPSS
Exploits: 0 | References: 1
NVD
added 2026/01/20 2:15 a.m. | 8 views

CVE-2026-1051

The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.1.0. This is due to missing or incorrect nonce validation on the hooknewsletteraction function. This makes it possible for unauthenticated...

4.3 CVSS | 0.00104 EPSS
Exploits: 0 | References: 2
CVE
added 2026/01/20 1:22 a.m. | 10 views

CVE-2026-1051

CVE-2026-1051 (Newsletter – Send awesome emails from WordPress) is a CSRF vulnerability in all versions up to 9.1.0 caused by missing/incorrect nonce validation in hook_newsletter_action(), enabling unauthenticated attackers to unsubscribe newsletter subscribers via a forged request if they can l...

4.3 CVSS | 5.5 AI score | 0.00104 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2026/01/20 1:22 a.m. | 3 views

CVE-2026-1051 Newsletter – Send awesome emails from WordPress <= 9.1.0 - Cross-Site Request Forgery to Newsletter Unsubscription

The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.1.0. This is due to missing or incorrect nonce validation on the hooknewsletteraction function. This makes it possible for unauthenticated...

4.3 CVSS | 5.5 AI score | 0.00104 EPSS
Exploits: 0 | References: 2