Lucene search
K

252 matches found

EUVD
EUVD
added 2026/01/17 3:24 a.m.9 views

EUVD-2026-3155

The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audiourl' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to...

2.2CVSS5.3AI score0.00245EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/01/17 3:24 a.m.26 views

CVE-2026-0682 Church Admin <= 5.0.28 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'audio_url' Parameter

The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audiourl' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to...

2.2CVSS0.00245EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/01/17 12:0 a.m.11 views

PT-2026-3344

The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audio url' parameter. This makes it possible for authenticated attackers, with Administrator-level access, t...

2.2CVSS5.8AI score0.00245EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.6 views

CVE-2025-14741

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to missing authorization to unauthorized data modification and deletion due to a missing capability check on the 'deleteobject' function in all versions up to, and including, 3.28.25. This makes it possible for unauthenticated...

9.1CVSS5.5AI score0.00353EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/09 7:2 a.m.7 views

WordPress Frontend Admin by DynamiApps plugin <= 3.28.25 - Missing Authorization to Unauthenticated Arbitrary Data Deletion via 'delete post' Form Element vulnerability

Missing Authorization to Unauthenticated Arbitrary Data Deletion via 'delete post' Form Element vulnerability discovered by andrea bocchetti in WordPress Plugin Frontend Admin by DynamiApps versions = 3.28.25...

9.1CVSS7AI score0.00353EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/01/09 12:0 a.m.5 views

WordPress plugin Frontend Admin by DynamiApps 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

7.2CVSS6.3AI score0.00267EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/09 12:0 a.m.6 views

WordPress plugin WP Table Builder – Drag & Drop Table Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

9.1CVSS6.6AI score0.00353EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2025/12/09 10:28 a.m.194 views

Exploit for CVE-2025-13342

CVE-2025-13342 PoC The Frontend Admin by DynamiApps plugin fo...

9.8CVSS6.4AI score0.00464EPSS
Exploits2
NVD
NVD
added 2025/12/08 4:15 p.m.5 views

CVE-2025-61318

Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature...

9.1CVSS0.00613EPSS
Exploits1References1
OSV
OSV
added 2025/12/08 4:15 p.m.5 views

CVE-2025-61318

Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature...

9.1CVSS7.2AI score
Exploits0References1
EUVD
EUVD
added 2025/12/08 12:0 a.m.5 views

EUVD-2025-201728

Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature...

5.3CVSS6.8AI score0.00613EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/08 12:0 a.m.18 views

CVE-2025-61318

Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature...

0.00613EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/12/08 12:0 a.m.5 views

PT-2025-49559

Name of the Vulnerable Software and Affected Versions Emlog Pro version 2.5.20 Description Emlog Pro 2.5.20 contains a flaw that allows for arbitrary file deletion. This issue is present in the admin/template.php and admin/plugin.php components, which do not properly validate file paths or filter...

9.1CVSS6.9AI score0.00613EPSS
Exploits1References4
CVE
CVE
added 2025/12/08 12:0 a.m.26 views

CVE-2025-61318

CVE-2025-61318 affects Emlog Pro 2.5.20. The vulnerability stems from the admin/template.php and admin/plugin.php components where path validation is missing and deletion parameters are not properly filtered, allowing directory traversal that can lead to arbitrary file deletion. The issue is not ...

9.1CVSS7AI score0.00613EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/04 12:30 p.m.9 views

CVE-2025-13342

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification of arbitrary WordPress options in all versions up to, and including, 3.28.20. This is due to insufficient capability checks and input validation in the ActionOptions::run save handler. This makes it...

9.8CVSS6AI score0.00464EPSS
Exploits2References1
EUVD
EUVD
added 2025/12/03 12:29 p.m.9 views

EUVD-2025-200979

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification of arbitrary WordPress options in all versions up to, and including, 3.28.20. This is due to insufficient capability checks and input validation in the ActionOptions::run save handler. This makes it...

9.8CVSS5.5AI score0.00464EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.11 views

PT-2025-48806

Name of the Vulnerable Software and Affected Versions Frontend Admin by DynamiApps plugin for WordPress versions through 3.28.20 Description The Frontend Admin by DynamiApps plugin for WordPress is susceptible to unauthorized modification of arbitrary WordPress options. This is a result of...

9.8CVSS6.3AI score0.00464EPSS
Exploits2References7
RedhatCVE
RedhatCVE
added 2025/12/02 10:31 p.m.9 views

CVE-2025-66310

This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting XSS vulnerability was identified in the /admin/pages/page endpoint of the Grav application. This...

6.2CVSS5.2AI score0.00182EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/02 10:31 p.m.7 views

CVE-2025-66312

This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting XSS vulnerability was identified in the /admin/accounts/groups/Grupo endpoint of the Grav application. Th...

6.2CVSS5.1AI score0.00182EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/02 10:31 p.m.9 views

CVE-2025-66307

This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a user enumeration and email disclosure vulnerability exists in Grav. The "Forgot Password" functionality at /admin/forgot leaks...

6.5CVSS6.2AI score0.00277EPSS
Exploits1References1
Rows per page
Query Builder