Lucene search
K

6 matches found

Cvelist
Cvelist
added 6 hours ago7 views

CVE-2026-12224 Dokan Pro <= 5.0.4 - Authenticated (Vendor+) Privilege Escalation via update_capabilities REST Endpoint

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via updatecapabilities REST Endpoint in all versions up to, and including, 5.0.4. This is due to the updatecapabilities REST handler accepting arbitrary capability strings from the request body and passing them directly to...

8.8CVSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 1:57 a.m.13 views

CVE-2023-3460

The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild...

9.8CVSS6.9AI score0.72306EPSS
Exploits12References1
NVD
NVD
added 2024/04/09 7:15 p.m.19 views

CVE-2024-1571

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video Embed parameter in all versions up to, and including, 9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the recipe...

4.8CVSS4.3AI score0.00426EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/09 6:58 p.m.11 views

CVE-2024-1571 WP Recipe Maker <= 9.2.1 - Authenticated Stored Cross-Site Scripting via Video Embed

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video Embed parameter in all versions up to, and including, 9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the recipe...

4.4CVSS7.4AI score0.00426EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2023/07/11 8:15 p.m.252 views

Exploit for CVE-2023-3460

CVE-2023-3460 The Ultimate Member WordPress plugin before 2.6...

9.8CVSS9.7AI score0.72306EPSS
Exploits12
VulnCheck KEV
VulnCheck KEV
added 2023/06/29 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-3460

The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild...

9.8CVSS7.6AI score0.72306EPSS
Exploits12References1
Rows per page
Query Builder