Lucene search
K

558 matches found

EUVD
EUVD
added 6 days ago14 views

EUVD-2026-41728

A security flaw has been discovered in SourceCodester Pizzafy E-Commerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirmorder. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6
CVE
CVE
added 6 days ago16 views

CVE-2026-14713

SourceCodester Pizzafy E-Commerce System 1.0 is affected by a remote SQL injection in /admin/ajax.php?action=confirm_order caused by manipulating the ID parameter. The vulnerability allows remote exploitation and has publicly released PoC code. Documented metrics indicate high severity (CVSS up t...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6
NVD
NVD
added last week5 views

CVE-2026-14622

A vulnerability was found in jairiidriss restaurant-website-php-mysql up to 521428b5b612449df0cf4a5d15ee40cba67f3d35. This vulnerability affects unknown code of the file /admin/ajaxfiles of the component AJAX Endpoint. Performing a manipulation results in missing authentication. The attack is...

7.5CVSS0.00517EPSS
Exploits0References6
Cvelist
Cvelist
added last week40 views

CVE-2026-14622 jairiidriss restaurant-website-php-mysql AJAX Endpoint ajax_files missing authentication

A vulnerability was found in jairiidriss restaurant-website-php-mysql up to 521428b5b612449df0cf4a5d15ee40cba67f3d35. This vulnerability affects unknown code of the file /admin/ajaxfiles of the component AJAX Endpoint. Performing a manipulation results in missing authentication. The attack is...

7.5CVSS0.00517EPSS
Exploits0References6
EUVD
EUVD
added last week10 views

EUVD-2026-41661

A vulnerability was found in jairiidriss restaurant-website-php-mysql up to 521428b5b612449df0cf4a5d15ee40cba67f3d35. This vulnerability affects unknown code of the file /admin/ajaxfiles of the component AJAX Endpoint. Performing a manipulation results in missing authentication. The attack is...

7.5CVSS6.6AI score0.00517EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.10 views

PT-2026-55689

Name of the Vulnerable Software and Affected Versions jairiidriss restaurant-website-php-mysql versions up to 521428b5b612449df0cf4a5d15ee40cba67f3d35 Description A missing authentication flaw exists in the AJAX Endpoint component. A remote attacker can manipulate the '/admin/ajax files' endpoint...

7.5CVSS7.1AI score0.00517EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/24 5:33 a.m.9 views

EUVD-2026-38679

The SignUp & SignIn plugin for WordPress is vulnerable to Authentication Bypass via Weak Password Reset Validation leading to Account Takeover in versions up to, and including, 1.0.0. This is due to the pravelchangepassword AJAX handler — registered via wpajaxnoprivpravelchangepassword and...

9.8CVSS5.9AI score0.00454EPSS
Exploits1References4
NVD
NVD
added 2026/06/20 2:16 p.m.12 views

CVE-2019-25763

WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the...

9.8CVSS0.00428EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/20 1:36 p.m.8 views

EUVD-2019-20199

WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the...

9.8CVSS5.9AI score0.00428EPSS
Exploits0References3
CVE
CVE
added 2026/06/20 1:36 p.m.23 views

CVE-2019-25763

WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability. An attacker can submit a POST to admin-ajax.php with the uabb-lf-google-submit action, a valid administrator email, and a valid nonce to obtain session cookies and authenticate as that user. CVSS...

9.8CVSS5.9AI score0.00428EPSS
Exploits0References3
NVD
NVD
added 2026/06/20 9:16 a.m.14 views

CVE-2026-11911

The Simple File List plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the eeSFLDeleteFile function in all versions up to, and including, 6.3.7. This makes it possible for unauthenticated attackers to delete arbitrary files on the server,...

7.5CVSS0.0078EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/20 8:29 a.m.9 views

CVE-2026-11911

The Simple File List plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the eeSFLDeleteFile function in all versions up to, and including, 6.3.7. This makes it possible for unauthenticated attackers to delete arbitrary files on the server,...

7.5CVSS6.7AI score0.0078EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.14 views

PT-2026-51139

Name of the Vulnerable Software and Affected Versions WordPress Ultimate Addons for Beaver Builder version 1.2.4.1 Description An authentication bypass exists in the social media login form functionality. Attackers can gain unauthorized access by submitting a POST request to the 'admin-ajax.php'...

9.8CVSS5.9AI score0.00428EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.22 views

PT-2026-51131

Name of the Vulnerable Software and Affected Versions Simple File List versions prior to 6.3.8 Description The Simple File List plugin for WordPress contains a flaw allowing unauthenticated attackers to delete arbitrary files on the server. This occurs due to insufficient file path validation...

7.5CVSS6.8AI score0.0078EPSS
Exploits0References10
NVD
NVD
added 2026/06/16 6:16 a.m.13 views

CVE-2026-9187

The Abandoned Contact Form 7 plugin for WordPress is vulnerable to unauthorized arbitrary post deletion in versions up to, and including, 2.2. This is due to a missing capability check and missing nonce validation in the actionremoveabandoned function, which is registered to both the...

5.3CVSS0.00228EPSS
Exploits0References4
CVE
CVE
added 2026/06/16 4:30 a.m.11 views

CVE-2026-9187

The Abandoned Contact Form 7 plugin for WordPress (

5.3CVSS5.5AI score0.00228EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.14 views

PT-2026-49620

Name of the Vulnerable Software and Affected Versions Abandoned Contact Form 7 versions prior to 2.3 Description The plugin allows unauthenticated attackers to permanently delete arbitrary posts, pages, or other content on a site. This occurs because the action remove abandoned function, register...

5.3CVSS6AI score0.00228EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/15 12:2 p.m.8 views

EUVD-2016-10897

WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send requests to the admin-ajax.php endpoint wit...

8.8CVSS6.2AI score0.00302EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/15 12:2 p.m.34 views

CVE-2016-20068 WordPress Booking Calendar Contact Form 1.0.23 SQL Injection

WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send requests to the admin-ajax.php endpoint wit...

8.8CVSS0.00302EPSS
Exploits0References3
CVE
CVE
added 2026/06/15 12:2 p.m.13 views

CVE-2016-20068

The CVE-2016-20068 entry details an unauthenticated blind SQL injection in WordPress Booking Calendar Contact Form 1.0.23. The vulnerability is triggered via admin-ajax.php with action set to dex_bccf_calendar_ajaxevent, using a crafted value in the id parameter to extract sensitive database info...

8.8CVSS6.3AI score0.00302EPSS
Exploits0References3
Rows per page
Query Builder