Lucene search

8783 matches found

Cvelist
added 2026/01/20 1:22 a.m. | 20 views

CVE-2026-1051 Newsletter – Send awesome emails from WordPress <= 9.1.0 - Cross-Site Request Forgery to Newsletter Unsubscription

The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.1.0. This is due to missing or incorrect nonce validation on the hooknewsletteraction function. This makes it possible for unauthenticated...

CVSS 4.3 | EPSS 0.00104
Exploits: 0 | References: 2
ATTACKERKB
added 2026/01/20 1:22 a.m. | 5 views

CVE-2026-1051

The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.1.0. This is due to missing or incorrect nonce validation on the hooknewsletteraction function. This makes it possible for unauthenticated...

CVSS 4.3 | AI score 5.4 | EPSS 0.00104
Exploits: 0 | References: 3
Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 8 : firefox-115.9.1-1.el8.ML.1 (AXSA:2024-7652:13)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7652:13 advisory. nss: timing attack against RSA decryption CVE-2023-5388 Mozilla: Crash in NSS TLS method CVE-2024-0743 Mozilla: JIT code failed to save return...

CVSS 8.8 | AI score 8.8 | EPSS 0.047
Exploits: 4 | References: 11
Positive Technologies
added 2026/01/20 12:0 a.m. | 8 views

PT-2026-3532

The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.1.0. This is due to missing or incorrect nonce validation on the hook newsletter action function. This makes it possible for unauthenticated...

CVSS 4.3 | AI score 5.5 | EPSS 0.00104
Exploits: 0 | References: 3
RedhatCVE
added 2026/01/18 2:26 a.m. | 7 views

CVE-2025-14075

The WP Hotel Booking plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.7. This is due to the plugin exposing the 'hotel_booking_fetch_customer_info' AJAX action to unauthenticated users without proper capability checks, relying only on a...

CVSS 5.3 | AI score 5.5 | EPSS 0.0026
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/17 9:15 a.m. | 17 views

CVE-2025-14757

The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Payment Status Bypass in all versions up to, and including, 3.6.9 only when used in combination with Cost Calculator Builder PRO. This is due to the complete_payment AJAX action being registered via wp_ajax_nopriv,...

CVSS 5.3 | AI score 6.4 | EPSS 0.00327
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/17 7:15 a.m. | 6 views

CVE-2025-14853

The LEAV Last Email Address Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions <= 1.7.1. This is due to missing or incorrect nonce validation on the displaysettingspage function. This makes it possible for unauthenticated attackers to modify plugin settings via ...

CVSS 4.3 | AI score 5.6 | EPSS 0.00131
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/17 5:22 a.m. | 10 views

CVE-2025-12641

The Awesome Support - WordPress HelpDesk & Support Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in all versions up to, and including, 6.3.6. This is due to the 'wpasdomractivateuser' function not verifying that a user has permission to modify other...

CVSS 6.5 | AI score 5.7 | EPSS 0.00363
Exploits: 0 | References: 1
CVE
added 2026/01/17 2:22 a.m. | 23 views

CVE-2025-14075

CVE-2025-14075 affects the WP Hotel Booking plugin for WordPress (versions up to and including 2.2.7). The vulnerability exposes the unauthenticated AJAX action hotel_booking_fetch_customer_info without proper capability checks, relying only on a nonce. This allows unauthenticated attackers to re...

CVSS 5.3 | AI score 5.2 | EPSS 0.0026
Exploits: 0 | References: 5
EUVD
added 2026/01/17 2:22 a.m. | 8 views

EUVD-2026-3156

The WP Hotel Booking plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.7. This is due to the plugin exposing the 'hotel_booking_fetch_customer_info' AJAX action to unauthenticated users without proper capability checks, relying only on a...

CVSS 5.3 | AI score 5.1 | EPSS 0.0026
Exploits: 0 | References: 6
RedhatCVE
added 2026/01/16 11:31 p.m. | 5 views

CVE-2021-47812

GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with...

CVSS 9.8 | AI score 7.8 | EPSS 0.01987
Exploits: 1 | References: 1
NVD
added 2026/01/16 9:15 a.m. | 5 views

CVE-2025-14757

The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Payment Status Bypass in all versions up to, and including, 3.6.9 only when used in combination with Cost Calculator Builder PRO. This is due to the complete_payment AJAX action being registered via wp_ajax_nopriv,...

CVSS 5.3 | EPSS 0.00327
Exploits: 0 | References: 4
CVE
added 2026/01/16 8:38 a.m. | 19 views

CVE-2025-14757

CVE-2025-14757 affects Cost Calculator Builder (WordPress) up to version 3.6.9 when used with Cost Calculator Builder PRO. Root cause: the complete_payment AJAX action is registered via wp_ajax_nopriv, allowing unauthenticated access, and the complete() check only validates a nonce, not user capa...

CVSS 5.3 | AI score 6 | EPSS 0.00327
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2026/01/16 8:38 a.m. | 28 views

CVE-2025-14757 Cost Calculator Builder <= 3.6.9 - Missing Authorization to Unauthenticated Payment Status Bypass

The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Payment Status Bypass in all versions up to, and including, 3.6.9 only when used in combination with Cost Calculator Builder PRO. This is due to the complete_payment AJAX action being registered via wp_ajax_nopriv,...

CVSS 5.3 | EPSS 0.00327
Exploits: 0 | References: 4
Vulnrichment
added 2026/01/16 8:38 a.m. | 5 views

CVE-2025-14757 Cost Calculator Builder <= 3.6.9 - Missing Authorization to Unauthenticated Payment Status Bypass

The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Payment Status Bypass in all versions up to, and including, 3.6.9 only when used in combination with Cost Calculator Builder PRO. This is due to the complete_payment AJAX action being registered via wp_ajax_nopriv,...

CVSS 5.3 | AI score 6 | EPSS 0.00327
Exploits: 0 | References: 4
ATTACKERKB
added 2026/01/16 8:38 a.m. | 4 views

CVE-2025-14757

The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Payment Status Bypass in all versions up to, and including, 3.6.9 only when used in combination with Cost Calculator Builder PRO. This is due to the complete_payment AJAX action being registered via wp_ajax_nopriv,...

CVSS 5.3 | AI score 5.4 | EPSS 0.00327
Exploits: 0 | References: 5
NVD
added 2026/01/16 7:15 a.m. | 6 views

CVE-2025-14853

The LEAV Last Email Address Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions <= 1.7.1. This is due to missing or incorrect nonce validation on the displaysettingspage function. This makes it possible for unauthenticated attackers to modify plugin settings via ...

CVSS 4.3 | EPSS 0.00131
Exploits: 0 | References: 4
ATTACKERKB
added 2026/01/16 6:43 a.m. | 6 views

CVE-2025-14853

The LEAV Last Email Address Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions <= 1.7.1. This is due to missing or incorrect nonce validation on the displaysettingspage function. This makes it possible for unauthenticated attackers to modify plugin settings via ...

CVSS 4.3 | AI score 5.2 | EPSS 0.00131
Exploits: 0 | References: 5
Vulnrichment
added 2026/01/16 6:43 a.m. | 4 views

CVE-2025-14853 LEAV Last Email Address Validator <= 1.7.1 - Cross-Site Request Forgery to Plugin Settings Update

The LEAV Last Email Address Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions <= 1.7.1. This is due to missing or incorrect nonce validation on the displaysettingspage function. This makes it possible for unauthenticated attackers to modify plugin settings via ...

CVSS 4.3 | AI score 5.3 | EPSS 0.00131
Exploits: 0 | References: 4
NVD
added 2026/01/16 5:16 a.m. | 6 views

CVE-2025-12641

The Awesome Support - WordPress HelpDesk & Support Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in all versions up to, and including, 6.3.6. This is due to the 'wpasdomractivateuser' function not verifying that a user has permission to modify other...

CVSS 6.5 | EPSS 0.00363
Exploits: 0 | References: 6