Lucene search
K

276 matches found

CNNVD
CNNVD
added 2026/03/11 12:0 a.m.8 views

WordPress plugin Gutena Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.8CVSS5.9AI score0.00197EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/06 6:0 a.m.4 views

CVE-2026-2446 Powerpack for LearnDash < 1.3.0 - Unauthenticated Arbitrary Option Update

The PowerPack for LearnDash WordPress plugin before 1.3.0 does not have authorization and CRSF checks in an AJAX action, allowing unauthenticated users to update arbitrary WordPress options such as defaultrole etc and create arbitrary admin users...

5.9AI score0.00303EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/19 4:36 a.m.31 views

CVE-2026-0912 Toret Manager <= 1.2.7 - Authenticated (Subscriber+) Arbitrary Options Update via AJAX actions

The Toret Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'trmansaveoption' function and on the 'trmansaveoptionitems' in all versions up to, and including, 1.2.7. This makes it possible...

8.8CVSS0.00292EPSS
Exploits0References4
CVE
CVE
added 2026/02/19 4:36 a.m.24 views

CVE-2025-15041

The CVE refers to BackWPup – WordPress Backup & Restore Plugin for WordPress, where a missing capability check in save_site_option() in versions

7.2CVSS5.7AI score0.00375EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/19 4:36 a.m.30 views

CVE-2025-15041 BackWPup <= 5.6.2 - Authenticated (BackWPup Helper+) Privilege Escalation via Arbitrary Options Update

The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the savesiteoption function in all versions up to, and including, 5.6.2. This makes it possible for...

7.2CVSS0.00375EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/02/19 12:11 a.m.7 views

WordPress BackWPup plugin <= 5.6.2 - Authenticated (BackWPup Helper+) Privilege Escalation via Arbitrary Options Update vulnerability

Authenticated BackWPup Helper+ Privilege Escalation via Arbitrary Options Update vulnerability discovered by 0N0ise - cert.pl in WordPress Plugin BackWPup versions = 5.6.2...

7.2CVSS5.5AI score0.00375EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.9 views

WordPress plugin Toret Manager 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.8CVSS6AI score0.00292EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/02/18 11:34 p.m.6 views

WordPress Toret Manager plugin <= 1.2.7 - Authenticated (Subscriber+) Arbitrary Options Update via AJAX actions vulnerability

Authenticated Subscriber+ Arbitrary Options Update via AJAX actions vulnerability discovered by vgo0 in WordPress Plugin Toret Manager versions = 1.2.7...

8.8CVSS5.5AI score0.00292EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/18 6:42 a.m.5 views

CVE-2026-1937 YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action

The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the yaymailimportstate AJAX action in all versions up to, and including, 4.3.2. This makes it possible for...

7.2CVSS5.7AI score0.00411EPSS
Exploits1References4
Patchstack
Patchstack
added 2026/02/18 12:23 a.m.9 views

WordPress YayMail plugin <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action vulnerability

Missing Authorization to Authenticated Shop Manager+ Arbitrary Options Update via 'yaymailimportstate' AJAX Action vulnerability discovered by whizzu in WordPress Plugin YayMail – WooCommerce Email Customizer versions = 4.3.2...

9.8CVSS5.5AI score0.00411EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/02/13 9:23 p.m.21 views

CVE-2025-15157

The CVE applies to the WordPress plugin Starfish Review Generation & Marketing (WordPress

8.8CVSS5.7AI score0.00316EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/02/09 11:33 p.m.6 views

WordPress WCFM - WooCommerce Frontend Manager plugin <= 6.7.24 - Authenticated (Shop Manager+) Arbitrary Options Update vulnerability

WordPress WCFM - WooCommerce Frontend Manager plugin = 6.7.24 - Authenticated Shop Manager+ Arbitrary Options Update vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - cyberdogzmarketing.com | krei.dev | ogbuilders.io in WordPress Plugin WCFM – Frontend Manager for WooCommerce versions...

7.2CVSS5.5AI score0.00436EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/02/09 11:23 p.m.37 views

CVE-2026-0845 WCFM - WooCommerce Frontend Manager <= 6.7.24 - Authenticated (Shop Manager+) Arbitrary Options Update

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'WCFMSettingsController::processing' function in...

7.2CVSS0.00436EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/09 11:23 p.m.2 views

CVE-2026-0845 WCFM - WooCommerce Frontend Manager <= 6.7.24 - Authenticated (Shop Manager+) Arbitrary Options Update

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'WCFMSettingsController::processing' function in...

7.2CVSS5.7AI score0.00436EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/02/03 6:43 a.m.5 views

WordPress ElementInvader Addons for Elementor plugin <= 1.3.1 - Missing Authorization to Arbitrary Options Read vulnerability

Missing Authorization to Arbitrary Options Read vulnerability discovered by Francesco Carlucci in WordPress Plugin ElementInvader Addons for Elementor versions = 1.3.1...

4.3CVSS5.4AI score0.003EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 8:22 a.m.6 views

WordPress Post Grid Gutenberg Blocks and WordPress Blog Plugin - PostX plugin <= 4.1.2 - Missing Authorization to Arbitrary Options Update vulnerability

WordPress Post Grid Gutenberg Blocks and WordPress Blog Plugin - PostX plugin = 4.1.2 - Missing Authorization to Arbitrary Options Update vulnerability discovered by 1337Wannabe - home in WordPress Plugin PostX versions = 4.1.2...

8.8CVSS5.3AI score0.01426EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/29 9:24 a.m.7 views

CVE-2025-13471

The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...

5.3CVSS5.9AI score0.00264EPSS
Exploits0References1
CVE
CVE
added 2026/01/28 6:0 a.m.18 views

CVE-2025-13471

CVE-2025-13471 affects the WordPress plugin User Activity Log (

5.3CVSS5.9AI score0.00264EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/28 6:0 a.m.31 views

CVE-2025-13471 User Activity Log <= 2.2 - Unauthenticated Limited Arbitrary Option Update

The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...

0.00264EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/28 6:0 a.m.3 views

CVE-2025-13471 User Activity Log <= 2.2 - Unauthenticated Limited Arbitrary Option Update

The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...

5.9AI score0.00264EPSS
Exploits0References1
Rows per page
Query Builder