Lucene search
K

150 matches found

CVE
CVE
added 2 days ago9 views

CVE-2026-61952

Summary: CVE-2026-61952 affects the WordPress WooCommerce plugin “WooCommerce Bulk Edit Products – WP Sheet Editor” (versions up to and including 1.8.21). The issue is a broken access control due to missing authorization, enabling exploitation through insecure access control configurations. Affec...

4.9CVSS6.1AI score0.00193EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 4:7 p.m.7 views

EUVD-2026-41055

Missing Authorization vulnerability in Webba Plugins Webba Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webba Booking: from n/a through 6.4.13...

5.3CVSS5.8AI score0.002EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:34 p.m.7 views

EUVD-2026-39398

Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through 33.0.18...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 10:16 a.m.15 views

CVE-2026-8296

In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting Payload via artifacts...

5.6CVSS0.00198EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/19 9:23 a.m.7 views

CVE-2026-8296

In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting Payload via artifacts...

5.6CVSS5.8AI score0.00198EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/19 9:23 a.m.23 views

CVE-2026-8296

CVE-2026-8296 affects Octopus Server. Affected versions permit embedding a Cross-Site Scripting (XSS) payload via artifacts when an attacker has high privileges and certain access levels; exploitation requires user interaction. CVSSv4 base score 5.6 (MEDIUM); attack vector NETWORK; attack complex...

5.6CVSS5.8AI score0.00198EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 9:23 a.m.31 views

CVE-2026-8296

In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting Payload via artifacts...

5.6CVSS0.00198EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 9:23 a.m.11 views

EUVD-2026-38000

In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting Payload via artifacts...

5.6CVSS5.8AI score0.00198EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.16 views

PT-2026-50868

Name of the Vulnerable Software and Affected Versions Octopus Server affected versions not specified Description Certain access levels allow the embedding of a Cross-Site Scripting XSS payload via artifacts. Cross-Site Scripting is a flaw that allows an attacker to inject malicious scripts into w...

5.6CVSS5.8AI score0.00198EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/01 2:17 p.m.20 views

praisonai-platform: Project endpoints accept any project_id without workspace ownership check, cross-workspace read/update/delete IDOR

Summary Type: Insecure Direct Object Reference. The project CRUD endpoints GET / PATCH / DELETE /workspaces/workspaceid/projects/projectid and GET .../projectid/stats gate access on requireworkspacememberworkspaceid only, then resolve projectid through ProjectService.getprojectid / updateprojecti...

5.8AI score0.00032EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/27 3:16 p.m.19 views

CVE-2026-49047

Missing Authorization vulnerability in DearHive DearFlip allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DearFlip: from n/a through 2.4.27...

4.3CVSS0.00162EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 3:16 p.m.16 views

CVE-2026-49045

Missing Authorization vulnerability in WP Media Adminimize allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Adminimize: from n/a through 1.11.11...

4.3CVSS0.00213EPSS
Exploits0References1
CVE
CVE
added 2026/05/25 10:42 p.m.27 views

CVE-2026-32389

The CVE affects WordPress NanoCare theme prior to version 1.2.2, where a Missing Authorization vulnerability enables Broken Access Control due to incorrectly configured access control security levels in NanoCare. Affected component is the NanoCare WordPress theme; root cause is improper authoriza...

5.4CVSS5.8AI score0.00223EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 6:45 a.m.10 views

CVE-2026-4094

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'adminhead' function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Contributor-lev...

8.1CVSS5.7AI score0.00273EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/12 4:32 p.m.10 views

CVE-2026-25431 WordPress Hustle plugin <= 7.8.10.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPMU DEV Hustle allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hustle: through 7.8.10.1...

5.3CVSS5.8AI score0.00231EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 7:49 a.m.7 views

CVE-2026-39432 WordPress Timetics plugin <= 1.0.53 - Broken Access Control vulnerability

Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through 1.0.53...

8.2CVSS5.8AI score0.00244EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/22 9:31 a.m.7 views

EUVD-2026-24654

The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in all versions up to and including 1.0.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The ttttwitteetweeter...

6.4CVSS5.9AI score0.00288EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/15 10:21 a.m.3 views

CVE-2026-40728 WordPress Magazine Blocks plugin <= 1.8.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in BlockArt Magazine Blocks magazine-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Magazine Blocks: from n/a through = 1.8.3...

4.3CVSS5.8AI score0.00144EPSS
Exploits0References1
CVE
CVE
added 2026/04/15 10:21 a.m.9 views

CVE-2026-40728

The CVE-2026-40728 entry documents a Missing Authorization vulnerability in the WordPress Magazine Blocks plugin (BlockArt magazine-blocks) affecting versions up to 1.8.3. The issue arises from incorrectly configured access control security levels, enabling exploitation due to insufficient author...

4.3CVSS5.8AI score0.00144EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/08 8:30 a.m.1 views

CVE-2026-39610

Missing Authorization vulnerability in Pankaj Kumar WpXmas-Snow wpxmas-snow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpXmas-Snow: from n/a through = 1.1...

5.9AI score0.00214EPSS
Exploits0References2
Rows per page
Query Builder