Lucene search
K

276 matches found

Patchstack
Patchstack
added 2025/10/25 12:42 a.m.7 views

WordPress GenerateBlocks plugin <= 2.1.1 - Improper Authorization to Authenticated (Contributor+) Arbitrary Options Disclosure vulnerability

Improper Authorization to Authenticated Contributor+ Arbitrary Options Disclosure vulnerability discovered by Lucas Montes Nirox in WordPress Plugin GenerateBlocks versions = 2.1.1...

6.5CVSS7AI score0.00269EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2021-34201

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.16408EPSS
Exploits3References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2023-43882

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00369EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-12384

Malicious code in bioql PyPI...

8.8CVSS9AI score0.00323EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/25 11:47 a.m.11 views

CVE-2025-9054

The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'wcmlimsettingsajaxhandler' function in all versions up to, and including, 4.2.8...

9.8CVSS6.1AI score0.00349EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/24 11:18 a.m.13 views

CVE-2025-9054 MultiLoca - WooCommerce Multi Locations Inventory Management <= 4.2.8 - Missing Authorization to Unauthenticated Arbitrary Options Update via 'wcmlim_settings_ajax_handler'

The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'wcmlimsettingsajaxhandler' function in all versions up to, and including, 4.2.8...

9.8CVSS0.00349EPSS
Exploits0References2
CVE
CVE
added 2025/09/24 11:18 a.m.20 views

CVE-2025-9054

CVE-2025-9054 affects the MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress. The issue is unauthorized modification of data due to a missing capability check in the wcmlim_settings_ajax_handler, impacting all versions up to 4.2.8. This allows unauthenticated attack...

9.8CVSS5.8AI score0.00349EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/13 7:25 a.m.8 views

CVE-2025-8423

The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mtswptremoveplugin and ajaxupdateexportcode functions in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with...

5.4CVSS5.2AI score0.00321EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/11 7:25 a.m.3 views

CVE-2025-8425 My WP Translate <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajaximportstrings function in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with...

8.8CVSS5.5AI score0.00284EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/11 7:24 a.m.5 views

CVE-2025-8423 My WP Translate <= 1.1 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Option Read and Deletion

The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mtswptremoveplugin and ajaxupdateexportcode functions in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with...

5.4CVSS4.9AI score0.00321EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/07/28 8:53 p.m.7 views

WordPress Platform theme < 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Options Update vulnerability

Missing Authorization to Unauthenticated Arbitrary Options Update vulnerability discovered by Marc-Alexandre Montpas in WordPress Theme Platform versions 1.4.4...

9.8CVSS7AI score0.01805EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 2:12 a.m.24 views

CVE-2023-3204

The Materialis theme for WordPress is vulnerable to limited arbitrary options updates in versions up to, and including, 1.1.24. This is due to missing authorization checks on the companiondisablepopup function called via an AJAX action. This makes it possible for authenticated attackers, with...

6.5CVSS6.5AI score0.00369EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/19 7:49 p.m.16 views

CVE-2025-39352 WordPress Grand Restaurant WordPress theme <= 7.0 - Arbitrary Options Deletion vulnerability

Missing Authorization vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grand Restaurant: from n/a through = 7.0...

8.2CVSS0.00262EPSS
Exploits0References1
CVE
CVE
added 2025/04/25 8:22 a.m.68 views

CVE-2025-1279

CVE-2025-1279 affects the WordPress plugin BM Content Builder (versions up to 3.16.2.1). The issue is a missing capability check on the AJAX action ux_cb_tools_import_item_ajax , enabling authenticated users with Subscriber+ to perform unauthorized updates to arbitrary WordPress options. This can...

8.8CVSS8.7AI score0.00323EPSS
Exploits0References2
CVE
CVE
added 2025/04/24 8:23 a.m.59 views

CVE-2025-3058

CVE-2025-3058 (Xelion Webchat, WordPress) affects the Xelion Webchat plugin for WordPress, up to and including version 9.1.0. The flaw is a missing capability check in the xwc_save_settings() function, enabling an authenticated attacker with Subscriber+ privileges to update arbitrary options. Doc...

8.8CVSS8.8AI score0.00393EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/04/21 11:11 a.m.6 views

WordPress Grand Restaurant WordPress theme <= 7.0 - Arbitrary Options Deletion vulnerability

Arbitrary Options Deletion vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Grand Restaurant versions = 7.0...

8.2CVSS7AI score0.00262EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2025/04/10 7:2 a.m.19 views

CVE-2025-3417 Embedder 1.3 - 1.3.5 - Authenticated (Subscriber+) Arbitrary Options Update

The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajaxsetglobaloption function in versions 1.3 to 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level acce...

8.8CVSS0.00353EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/04/04 9:40 a.m.5 views

CVE-2025-3063

The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajaxcallbackupdatesaoption function in versions 2.0 to 2.1. This makes it possible for authenticated attackers, with...

8.8CVSS7.5AI score0.00383EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/31 7:36 a.m.23 views

CVE-2025-2266

The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the cwmpUpdateOptions function in versions 8.6.5 to 8.7.5. This makes it possible for unauthenticated...

9.8CVSS7.7AI score0.00678EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/03/28 9:55 p.m.5 views

WordPress Administrator Z plugin <= 2025.03.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by kr0d in WordPress Plugin Administrator Z versions = 2025.03.24...

8.8CVSS7AI score0.00334EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder