Lucene search

8787 matches found

NVD
added 2026/01/16 7:15 a.m. | 6 views

CVE-2025-14853

The LEAV Last Email Address Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions <= 1.7.1. This is due to missing or incorrect nonce validation on the displaysettingspage function. This makes it possible for unauthenticated attackers to modify plugin settings via ...

CVSS 4.3 | EPSS 0.00131
Exploits: 0 | References: 4

ATTACKERKB
added 2026/01/16 6:43 a.m. | 6 views

CVE-2025-14853

The LEAV Last Email Address Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions <= 1.7.1. This is due to missing or incorrect nonce validation on the displaysettingspage function. This makes it possible for unauthenticated attackers to modify plugin settings via ...

CVSS 4.3 | AI score 5.2 | EPSS 0.00131
Exploits: 0 | References: 5

Vulnrichment
added 2026/01/16 6:43 a.m. | 4 views

CVE-2025-14853 LEAV Last Email Address Validator <= 1.7.1 - Cross-Site Request Forgery to Plugin Settings Update

The LEAV Last Email Address Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions <= 1.7.1. This is due to missing or incorrect nonce validation on the displaysettingspage function. This makes it possible for unauthenticated attackers to modify plugin settings via ...

CVSS 4.3 | AI score 5.3 | EPSS 0.00131
Exploits: 0 | References: 4

NVD
added 2026/01/16 5:16 a.m. | 6 views

CVE-2025-12641

The Awesome Support - WordPress HelpDesk & Support Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in all versions up to, and including, 6.3.6. This is due to the 'wpas_do_mr_activate_user' function not verifying that a user has permission to modify other...

CVSS 6.5 | EPSS 0.00363
Exploits: 0 | References: 6

ATTACKERKB
added 2026/01/16 4:44 a.m. | 3 views

CVE-2025-12641

The Awesome Support - WordPress HelpDesk & Support Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in all versions up to, and including, 6.3.6. This is due to the 'wpas_do_mr_activate_user' function not verifying that a user has permission to modify other...

CVSS 6.5 | AI score 5.5 | EPSS 0.00363
Exploits: 0 | References: 7

Vulnrichment
added 2026/01/16 4:44 a.m. | 3 views

CVE-2025-12641 Awesome Support – WordPress HelpDesk & Support Plugin <= 6.3.6 - Missing Authorization to Unauthenticated Role Demotion

The Awesome Support - WordPress HelpDesk & Support Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in all versions up to, and including, 6.3.6. This is due to the 'wpas_do_mr_activate_user' function not verifying that a user has permission to modify other...

CVSS 6.5 | AI score 5.4 | EPSS 0.00363
Exploits: 0 | References: 6

Cvelist
added 2026/01/16 4:44 a.m. | 25 views

CVE-2025-12641 Awesome Support – WordPress HelpDesk & Support Plugin <= 6.3.6 - Missing Authorization to Unauthenticated Role Demotion

The Awesome Support - WordPress HelpDesk & Support Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in all versions up to, and including, 6.3.6. This is due to the 'wpas_do_mr_activate_user' function not verifying that a user has permission to modify other...

CVSS 6.5 | EPSS 0.00363
Exploits: 0 | References: 6

CVE
added 2026/01/16 4:44 a.m. | 18 views

CVE-2025-12641

CVE-2025-12641 affects the Awesome Support – WordPress HelpDesk & Support Plugin for WordPress (versions up to 6.3.6). The vulnerability is an authorization bypass caused by missing capabilities checks in wpas_do_mr_activate_user and a nonce namespace issue that allows unauthenticated attackers t...

CVSS 6.5 | AI score 5.4 | EPSS 0.00363
Exploits: 0 | References: 6

OSV
added 2026/01/16 12:16 a.m. | 7 views

CVE-2021-47812

GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with...

CVSS 9.8 | AI score 6 | EPSS 0.01987
Exploits: 1 | References: 3

NVD
added 2026/01/16 12:16 a.m. | 6 views

CVE-2021-47812

GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with...

CVSS 9.8 | EPSS 0.01987
Exploits: 1 | References: 3

Positive Technologies
added 2026/01/16 12:00 a.m. | 5 views

PT-2026-3211

The Awesome Support - WordPress HelpDesk & Support Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in all versions up to, and including, 6.3.6. This is due to the 'wpas_do_mr_activate_user' function not verifying that a user has permission to modify oth...

CVSS 6.5 | AI score 5.7 | EPSS 0.00363
Exploits: 0 | References: 7

Positive Technologies
added 2026/01/16 12:00 a.m. | 5 views

PT-2026-3224

The LEAV Last Email Address Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions <= 1.7.1. This is due to missing or incorrect nonce validation on the display settings page function. This makes it possible for unauthenticated attackers to modify plugin settings vi...

CVSS 4.3 | AI score 5.6 | EPSS 0.00131
Exploits: 0 | References: 5

Tenable Nessus
added 2026/01/16 12:00 a.m. | 6 views

MiracleLinux 7 : httpd-2.4.6-89.0.1.el7.AXS7 (AXSA:2019-3965:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-3965:02 advisory. httpd: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312). Tenable has extracted the preceding description block directly from the MiracleLinux...

CVSS 9.8 | AI score 6.4 | EPSS 0.15885
Exploits: 0 | References: 2

CVE
added 2026/01/15 11:25 p.m. | 16 views

CVE-2021-47812

GravCMS 1.10.7 is affected by CVE-2021-47812, with an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code via the scheduler endpoint. Exploitation centers on the admin-nonce parameter to inject base64-encoded payloads and create ma...

CVSS 9.8 | AI score 7.7 | EPSS 0.01987
Exploits: 1 | References: 3 | Affected Software: 1

ATTACKERKB
added 2026/01/15 11:25 p.m. | 4 views

CVE-2021-47812

GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with...

CVSS 9.8 | AI score 6.1 | EPSS 0.01987
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/01/15 11:25 p.m. | 4 views

CVE-2021-47812 GravCMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticated) (2)

GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with...

CVSS 9.8 | AI score 7.7 | EPSS 0.01987
Exploits: 1 | References: 3

Cvelist
added 2026/01/15 11:25 p.m. | 26 views

CVE-2021-47812 GravCMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticated) (2)

GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with...

CVSS 9.8 | EPSS 0.01987
Exploits: 1 | References: 3

GithubExploit
added 2026/01/15 12:58 p.m. | 210 views

Exploit for Unrestricted Upload of File with Dangerous Type in Greenshiftwp Greenshift_-_Animation_And_Page_Builder_Blocks

Metasploit Module: Greenshift WordPress Plugin Arbitrary File...

CVSS 8.8 | AI score 7.6 | EPSS 0.02027
Exploits: 1

RedhatCVE
added 2026/01/15 7:23 a.m. | 7 views

CVE-2025-15376

The Stopwords for comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the 'setstopwordsforcomments' and 'deletestopwordsforcomments' functions. This makes it possible for unauthenticated...

CVSS 4.3 | AI score 5.3 | EPSS 0.00102
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/15 7:23 a.m. | 8 views

CVE-2025-14846

The SocialChamp with WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.5. This is due to missing nonce validation on the wpscsettingstabmenu function. This makes it possible for unauthenticated attackers to modify plugin settings...

CVSS 4.3 | AI score 5.8 | EPSS 0.00124
Exploits: 0 | References: 1