Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

73 matches found

EUVD
EUVDadded 2026/04/17 3:30 a.m.2 views

EUVD-2026-23337

The WP Statistics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14.16.4. This is due to missing capability checks on multiple AJAX handlers including wpstatisticsgetfilters, wpstatisticsgetPrivacyStatus, wpstatisticsupdatePrivacyStatus, and...

6.5CVSS5.8AI score0.00023EPSS
Exploits0References10
NVD
NVDadded 2026/04/17 2:16 a.m.2 views

CVE-2026-3488

The WP Statistics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14.16.4. This is due to missing capability checks on multiple AJAX handlers including wpstatisticsgetfilters, wpstatisticsgetPrivacyStatus, wpstatisticsupdatePrivacyStatus, and...

6.5CVSS0.00023EPSS
Exploits0References9
ATTACKERKB
ATTACKERKBadded 2026/04/17 1:24 a.m.2 views

CVE-2026-3488

The WP Statistics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14.16.4. This is due to missing capability checks on multiple AJAX handlers including wpstatisticsgetfilters, wpstatisticsgetPrivacyStatus, wpstatisticsupdatePrivacyStatus, and...

6.5CVSS5.8AI score0.00023EPSS
Exploits0References10
Vulnrichment
Vulnrichmentadded 2026/04/17 1:24 a.m.1 views

CVE-2026-3488 WP Statistics <= 14.16.4 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure and Privacy Audit Manipulation

The WP Statistics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14.16.4. This is due to missing capability checks on multiple AJAX handlers including wpstatisticsgetfilters, wpstatisticsgetPrivacyStatus, wpstatisticsupdatePrivacyStatus, and...

6.5CVSS5.7AI score0.00023EPSS
Exploits0References9
Positive Technologies
Positive Technologiesadded 2026/04/17 12:0 a.m.1 views

PT-2026-33392

The WP Statistics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14.16.4. This is due to missing capability checks on multiple AJAX handlers including wp statistics get filters, wp statistics getPrivacyStatus, wp statistics updatePrivacyStatus, a...

6.5CVSS5.8AI score0.00023EPSS
Exploits0References10
Snyk
Snykadded 2026/03/25 7:52 p.m.1 views

Missing Authorization

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authorization due to missing authentication and authorization checks in the reports.json.php and getData.json.php endpoints. An attacker can access sensiti...

6.9CVSS5.8AI score0.00112EPSS
Exploits1References2
EUVD
EUVDadded 2026/03/25 7:52 p.m.2 views

EUVD-2026-14496

AVideo Allows Unauthenticated Access to ADServer reports.json.php that Exposes Ad Campaign Analytics and User Data...

5.3CVSS5.8AI score0.00112EPSS
Exploits1References3
NVD
NVDadded 2026/03/23 7:16 p.m.0 views

CVE-2026-33685

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the plugin/ADServer/reports.json.php endpoint performs no authentication or authorization checks, allowing any unauthenticated attacker to extract ad campaign analytics data including video titles, user channel...

5.3CVSS0.00112EPSS
Exploits1References2
CNNVD
CNNVDadded 2026/03/23 12:0 a.m.4 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained security vulnerabilities. These vulnerabilities stemmed from insufficient authentication and authorization checks at the reports.json.php endpoint of the ADServer...

5.3CVSS5.8AI score0.00112EPSS
Exploits1References2
Hacker One
Hacker Oneadded 2026/03/14 6:13 a.m.9 views

LinkedIn: Access to Deactivated LinkedIn Company Pages via Competitor Analytics API

A vulnerability was discovered in LinkedIn's Competitor Analytics API that permitted authenticated users to access analytics data for deactivated company pages...

5.8AI score
Exploits0
RedhatCVE
RedhatCVEadded 2026/02/11 1:16 p.m.2 views

CVE-2025-14895

The PopupKit plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.0. This is due to the plugin not properly verifying that a user is authorized to access the /popup/logs REST API endpoint. This makes it possible for authenticated attackers, with...

5.4CVSS5.5AI score0.00015EPSS
Exploits0References1
NVD
NVDadded 2026/02/10 10:15 a.m.7 views

CVE-2025-14895

The PopupKit plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.0. This is due to the plugin not properly verifying that a user is authorized to access the /popup/logs REST API endpoint. This makes it possible for authenticated attackers, with...

5.4CVSS0.00015EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2026/02/10 9:26 a.m.1 views

CVE-2025-14895 PopupKit <= 2.2.0 - Missing Authorization to Sensitive Information Disclosure and Data Deletion

The PopupKit plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.0. This is due to the plugin not properly verifying that a user is authorized to access the /popup/logs REST API endpoint. This makes it possible for authenticated attackers, with...

5.4CVSS5.5AI score0.00015EPSS
Exploits0References6
CVE
CVEadded 2026/02/10 9:26 a.m.15 views

CVE-2025-14895

CVE-2025-14895 affects the WordPress PopupKit (Popup Builder Block) plugin up to version 2.2.0, enabling an authorization bypass that lets authenticated users with Subscriber-level access or higher read and delete analytics via the /popup/logs REST endpoint. The issue is a missing authorization c...

5.4CVSS5.5AI score0.00015EPSS
Exploits0References6
ATTACKERKB
ATTACKERKBadded 2026/02/10 9:26 a.m.2 views

CVE-2025-14895

The PopupKit plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.0. This is due to the plugin not properly verifying that a user is authorized to access the /popup/logs REST API endpoint. This makes it possible for authenticated attackers, with...

5.4CVSS5.5AI score0.00015EPSS
Exploits0References7
Cvelist
Cvelistadded 2026/02/10 9:26 a.m.20 views

CVE-2025-14895 PopupKit <= 2.2.0 - Missing Authorization to Sensitive Information Disclosure and Data Deletion

The PopupKit plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.0. This is due to the plugin not properly verifying that a user is authorized to access the /popup/logs REST API endpoint. This makes it possible for authenticated attackers, with...

5.4CVSS0.00015EPSS
Exploits0References6
Positive Technologies
Positive Technologiesadded 2026/02/10 12:0 a.m.3 views

PT-2026-7245

The PopupKit plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.0. This is due to the plugin not properly verifying that a user is authorized to access the /popup/logs REST API endpoint. This makes it possible for authenticated attackers, with...

5.4CVSS5.5AI score0.00015EPSS
Exploits0References7
NVD
NVDadded 2026/01/24 8:16 a.m.3 views

CVE-2025-14609

The Wise Analytics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.9. This is due to missing capability checks on the REST API endpoint '/wise-analytics/v1/report'. This makes it possible for unauthenticated attackers to access sensitive...

5.3CVSS0.00022EPSS
Exploits0References4
CVE
CVEadded 2026/01/24 7:26 a.m.11 views

CVE-2025-14609

Consolidated: CVE-2025-14609 affects the Wise Analytics WordPress plugin (versions

5.3CVSS5.5AI score0.00022EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/01/24 7:26 a.m.2 views

CVE-2025-14609 Wise Analytics <= 1.1.9 - Missing Authorization to Unauthenticated Arbitrary Analytics Database Disclosure via 'name' Parameter

The Wise Analytics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.9. This is due to missing capability checks on the REST API endpoint '/wise-analytics/v1/report'. This makes it possible for unauthenticated attackers to access sensitive...

5.3CVSS5.9AI score0.00022EPSS
Exploits0References3
Rows per page
Query Builder