Lucene search
K

276 matches found

Vulnrichment
Vulnrichment
added 2025/03/28 11:13 a.m.5 views

CVE-2025-2815 Administrator Z <= 2025.03.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

The Administrator Z plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the adminzimportbackup function in all versions up to, and including, 2025.03.24. This makes it possible for authenticated...

8.8CVSS7.4AI score0.00334EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/28 12:0 a.m.3 views

WordPress plugin Administrator Z 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exis...

8.8CVSS8.1AI score0.00334EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/03/25 9:36 p.m.4 views

WordPress BWL Advanced FAQ Manager plugin <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Limited Arbitrary Options Update vulnerability discovered by Lucio Sá in WordPress Plugin BWL Advanced FAQ Manager versions = 2.1.4...

8.1CVSS7AI score0.00303EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/03/18 9:31 p.m.7 views

WordPress Altair theme <= 5.2.4 - Unauthenticated Arbitrary Options Update via pp_import_current vulnerability

Unauthenticated Arbitrary Options Update via ppimportcurrent vulnerability discovered by Tonn in WordPress Theme Altair versions = 5.2.4...

9.8CVSS8.9AI score0.00478EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/03/14 5:24 a.m.13 views

CVE-2025-2103 SoundRise Music <= 1.7 - Authenticated (Subscriber+) Arbitrary Options Update

The SoundRise Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on theironMusicajax function in all versions up to, and including, 1.6.11. This makes it possible for authenticated attackers, with...

8.8CVSS0.00335EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/03/13 5:29 p.m.5 views

WordPress LoginPress plugin <= 3.3.1 - Cross-Site Request Forgery to Arbitrary Options Update vulnerability

Cross-Site Request Forgery to Arbitrary Options Update vulnerability discovered by Carlos Ferreira in WordPress Plugin LoginPress versions = 3.3.1...

7.5CVSS8.8AI score0.00203EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/03/13 5:28 p.m.5 views

WordPress Industrial theme <= 1.7.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by Tonn in WordPress Theme Industrial versions = 1.7.8...

8.8CVSS8.9AI score0.00335EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/03/13 5:22 p.m.9 views

WordPress SoundRise Music plugin <= 1.7 - Authenticated (Subscriber+) Arbitrary Options Update vulnerability

Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by Tonn in WordPress Plugin SoundRise Music versions = 1.6.11...

8.8CVSS8.9AI score0.00335EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/03/08 3:0 a.m.5 views

WordPress Shortcode Cleaner Lite plugin <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Export vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Options Export vulnerability discovered by Krzysztof Zając in WordPress Plugin Shortcode Cleaner Lite versions = 1.0.9...

6.5CVSS7AI score0.00304EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/03/08 2:24 a.m.64 views

CVE-2025-1481

CVE-2025-1481 concerns the WordPress plugin Shortcode Cleaner Lite. Multiple connected sources confirm a missing capability check in download_backup() that can allow authenticated users with Subscriber-level access and above to export arbitrary options. Affected versions are all up to and includi...

6.5CVSS6.2AI score0.00304EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2025/03/08 12:0 a.m.3 views

WordPress plugin Shortcode Cleaner Lite 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.5CVSS8.5AI score0.00304EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/03/06 10:19 p.m.4 views

WordPress UiPress lite plugin <= 3.5.04 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by vgo0 in WordPress Plugin UiPress lite versions = 3.5.04...

8.8CVSS7AI score0.00429EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/02/28 9:15 a.m.8 views

CVE-2024-9195

The WHMPress - WHMCS Client Area plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updatesettings case in the /admin/ajax.php file in all versions up to, and including, 4.3-revision-3. This makes ...

8.8CVSS0.00378EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/28 8:23 a.m.8 views

CVE-2024-9195 WHMPress - WHMCS Client Area <= 4.3-revision-3- Authenticated (Subscriber+) Arbitrary Options Update

The WHMPress - WHMCS Client Area plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updatesettings case in the /admin/ajax.php file in all versions up to, and including, 4.3-revision-3. This makes ...

8.8CVSS8.8AI score0.00378EPSS
Exploits0References2
CVE
CVE
added 2025/02/28 8:23 a.m.97 views

CVE-2024-9195

CVE-2024-9195 affects the WordPress plugin WHMPress — WHMCS Client Area (for WordPress) and is caused by a missing capability check on the update_settings operation in the file /admin/ajax.php . It allows authenticated attackers with Subscriber+ privileges to modify arbitrary options, potentially...

8.8CVSS8.8AI score0.00378EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/02/28 8:23 a.m.112 views

CVE-2024-9193

Summary: CVE-2024-9193 affects the WordPress WHMpress plugin (versions

9.8CVSS9.9AI score0.03111EPSS
In wildExploits0References2Affected Software1
Patchstack
Patchstack
added 2025/02/27 11:40 p.m.3 views

WordPress WHMPress - WHMCS Client Area plugin <= 4.3-revision-3 - Authenticated (Subscriber+) Arbitrary Options Update vulnerability

WordPress WHMPress - WHMCS Client Area plugin = 4.3-revision-3 - Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by Tonn in WordPress Plugin WHMCS Client Area for WordPress by WHMpress versions = 4.3-revision-3...

8.8CVSS7AI score0.00378EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/02/27 11:38 p.m.5 views

WordPress WHMpress plugin <= 6.3-revision-0 - Unauthenticated Local File Inclusion to Arbitrary Options Update vulnerability

Unauthenticated Local File Inclusion to Arbitrary Options Update vulnerability discovered by Tonn in WordPress Plugin WHMpress versions = 6.3-revision-0...

9.8CVSS7AI score0.03111EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/02/17 10:14 p.m.5 views

WordPress Shopwarden plugin <= 1.0.11 - Cross-Site Request Forgery to Arbitrary Options Update vulnerability

Cross-Site Request Forgery to Arbitrary Options Update vulnerability discovered by Brian Sans-Souci liardom in WordPress Plugin Shopwarden versions = 1.0.11...

8.8CVSS7AI score0.00227EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/02/17 10:0 p.m.4 views

WordPress Option Editor plugin <= 1.0 - Cross-Site Request Forgery to Arbitrary Options Update vulnerability

Cross-Site Request Forgery to Arbitrary Options Update vulnerability discovered by Colin Xu in WordPress Plugin Option Editor versions = 1.0...

8.8CVSS7AI score0.00262EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder