Lucene search
K

41 matches found

NVD
NVD
added yesterday8 views

CVE-2026-12685

The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator emai...

7.5CVSS0.00145EPSS
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-42830

The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator emai...

7.5CVSS6AI score0.00145EPSS
Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-12685

The CVE describes a backdoor in the EscortWP escortwp WordPress theme up to version 3.6.2. The backdoor is vendor-authored and obfuscated, allowing an unauthenticated attacker who supplies a hard-coded per-build key to permanently delete all site content. It also covertly transmits the site URL, ...

7.5CVSS5.8AI score0.00145EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday13 views

CVE-2026-12685 EscortWP <= 3.6.2 - Content Deletion via Vendor-Authored Backdoor

The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator emai...

0.00145EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/20 1:36 p.m.9 views

EUVD-2019-20199

WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the...

9.8CVSS5.9AI score0.00428EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/13 9:31 p.m.6 views

EUVD-2026-11758

The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. This is due to two compounding weaknesses: 1 a non-user-bound publicnonce is exposed to unauthenticated users...

7.5CVSS5.8AI score0.0029EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/11 6:0 a.m.3 views

CVE-2026-1867 WP Front User Submit < 5.0.6 - Unauthenticated Sensitive Information Exposure

The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend...

5.8AI score0.00221EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/25 9:30 a.m.7 views

EUVD-2026-8630

The WPGSI: Spreadsheet Integration plugin for WordPress is vulnerable to unauthorized modification and loss of data due to missing capability checks and an insecure authentication mechanism on the wpgsicallBackFuncAccept and wpgsicallBackFuncUpdate REST API functions in all versions up to, and...

7.5CVSS5.7AI score0.00357EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/01/16 8:18 p.m.7 views

CVE-2026-23622

Easy!Appointments is a self hosted appointment scheduler. In 1.5.2 and earlier, application/core/EASecurity.php::csrfverify only enforces CSRF for POST requests and returns early for non-POST methods. Several application endpoints perform state-changing operations while accepting parameters from...

8.8CVSS6.8AI score0.00203EPSS
Exploits1References1
EUVD
EUVD
added 2026/01/12 12:0 a.m.6 views

EUVD-2021-28225

A CSRF issue in index.php in QloApps hotel eCommerce 1.5.1 allows an attacker to change the admin's email address via a crafted HTML document...

5.4CVSS6.2AI score0.00122EPSS
Exploits0References4
NVD
NVD
added 2025/11/06 8:15 p.m.6 views

CVE-2022-50590

SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of t...

8.8CVSS0.00354EPSS
Exploits0References3
OSV
OSV
added 2025/11/06 7:59 p.m.3 views

CVE-2022-50590 SuiteCRM < 7.12.6 Type Confusion via 'deleteAttachment' Functionality

SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of t...

8.8CVSS7.2AI score0.00354EPSS
Exploits0References6
CVE
CVE
added 2025/11/06 7:59 p.m.16 views

CVE-2022-50590

SuiteCRM prior to 7.12.6 has a type confusion flaw in the deleteAttachment module parameter handling. This allows remote, unauthenticated attackers to alter database objects, including changing the administrator’s email. The issue affects SuiteCRM versions before 7.12.6; fixes are provided in 7.1...

8.8CVSS6.6AI score0.00354EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/10/25 5:31 a.m.29 views

CVE-2025-10694 User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds <= 1.8.0 - Missing Authorization to Information Disclosure

The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybeloadonboardingwizard function in all versions up to, and including, 1.8.0. This makes it possibl...

5.3CVSS0.00233EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/25 5:31 a.m.4 views

CVE-2025-10694 User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds <= 1.8.0 - Missing Authorization to Information Disclosure

The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybeloadonboardingwizard function in all versions up to, and including, 1.8.0. This makes it possibl...

5.3CVSS4.7AI score0.00233EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/25 12:0 a.m.7 views

PT-2025-43701

Name of the Vulnerable Software and Affected Versions User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress versions up to and including 1.8.0 Description The User Feedback plugin for WordPress is susceptible to unauthorized data access. A missi...

5.3CVSS6AI score0.00233EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.14 views

EUVD-2010-1752

Malware in sbrugna...

6.8CVSS6.1AI score0.00524EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/08/25 7:20 a.m.5 views

CVE-2025-5821

The Case Theme User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly logging in a user with the data that was previously verified through the facebookajaxlogincallback function. This makes it possible f...

9.8CVSS6AI score0.00714EPSS
Exploits0References1
NVD
NVD
added 2025/08/23 7:15 a.m.8 views

CVE-2025-5821

The Case Theme User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly logging in a user with the data that was previously verified through the facebookajaxlogincallback function. This makes it possible f...

9.8CVSS0.00714EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 8:1 a.m.9 views

CVE-2024-6869

The Falang multilanguage for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.3.52. This makes it possible for authenticated attackers, with Subscriber-level access and...

7.1CVSS6.3AI score0.00315EPSS
Exploits0References1
Rows per page
Query Builder