Lucene search
K

144 matches found

Patchstack
Patchstack
added 2026/02/07 12:9 a.m.7 views

WordPress The Bucketlister plugin <= 0.1.5 - Missing Authorization to Authenticated (Subscriber+) Bucket List Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Bucket List Modification vulnerability discovered by Ivan Cese in WordPress Plugin The Bucketlister versions = 0.1.5...

4.3CVSS5.4AI score0.00158EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/03 11:16 a.m.8 views

WordPress EventPrime - Events Calendar, Bookings and Tickets plugin <= 3.4.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion vulnerability

WordPress EventPrime - Events Calendar, Bookings and Tickets plugin = 3.4.3 - Missing Authorization to Authenticated Subscriber+ Arbitrary Post Deletion vulnerability discovered by Lucio Sá in WordPress Plugin EventPrime versions = 3.4.3...

6.5CVSS5.4AI score0.00324EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/03 7:28 a.m.6 views

WordPress WP Courses LMS plugin <= 3.2.21 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary User Meta Update vulnerability discovered by Thanh Nam Tran in WordPress Plugin WP Courses LMS versions = 3.2.21...

7.5CVSS5.4AI score0.00747EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 8:39 a.m.7 views

WordPress Smart Online Order for Clover plugin <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Plugin Data Update vulnerability

Missing Authorization to Authenticated Subscriber+ Plugin Data Update vulnerability discovered by Lucio Sá in WordPress Plugin Smart Online Order for Clover versions = 1.5.6...

4.3CVSS5.3AI score0.00353EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 6:42 a.m.9 views

WordPress Ultimate Coming Soon & Maintenance plugin <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Template Name Update vulnerability

Missing Authorization to Authenticated Subscriber+ Template Name Update vulnerability discovered by Tieu Pham Trong Nhan - TechlabCorp in WordPress Plugin Ultimate Coming Soon & Maintenance versions = 1.0.9...

4.3CVSS7.3AI score0.00327EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/16 6:38 a.m.9 views

WordPress AffiliateX plugin 1.0.0-1.3.9.3 - Authenticated (Subscriber+) Missing Authorization to Stored Cross-Site Scripting

Authenticated Subscriber+ Missing Authorization to Stored Cross-Site Scripting vulnerability discovered by kr0d in WordPress Plugin AffiliateX versions 1.0.0-1.3.9.3...

6.4CVSS5.8AI score0.00166EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 8:57 a.m.20 views

CVE-2023-4999

The Horizontal scrolling announcement plugin for WordPress is vulnerable to SQL Injection via the plugin's horizontal-scrolling shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

8.8CVSS6.6AI score0.00725EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:16 a.m.8 views

CVE-2025-13766

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability checks on multiple REST API endpoints in all versions up to, and including, 3.7.6. This makes it possible for...

5.4CVSS5.4AI score0.00146EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/06 4:31 a.m.3 views

CVE-2025-14438 Xagio SEO <= 7.1.0.30 - Authenticated (Subscriber+) Server-Side Request Forgery

The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.1.0.30 via the 'pixabayDownloadImage' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests...

6.4CVSS5.4AI score0.00197EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/06 12:0 a.m.10 views

PT-2026-1401

Name of the Vulnerable Software and Affected Versions ForumWP – Forum & Discussion Board plugin for WordPress versions prior to 2.1.7 Description The ForumWP plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escaping when...

6.4CVSS5.9AI score0.00188EPSS
Exploits0References7
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.9 views

WordPress Post Saint plugin <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Lucio Sá in WordPress Plugin Post Saint versions = 1.3.1...

8.8CVSS5.4AI score0.01516EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.8 views

WordPress Email Notifications for Updates plugin <= 1.1.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by kr0d in WordPress Plugin Email Notifications for Updates versions = 1.1.6...

8.8CVSS5.5AI score0.00366EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress Webcake plugin <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Update vulnerability discovered by Legion Hunter in WordPress Plugin Webcake versions = 1.1...

4.3CVSS5.9AI score0.00214EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/17 6:36 a.m.3 views

CVE-2025-13750 Converter for Media <= 6.3.2 - Missing Authorization to Authenticated (Subscriber+) Optimized Image Deletion via regenerate-attachment REST Endpoint

The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /webp-converter/v1/regenerate-attachment REST endpoint in all versions up to, and including, 6.3.2. This makes it possib...

4.3CVSS4.9AI score0.00234EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/15 3:30 p.m.4 views

CVE-2025-14387 LearnPress – WordPress LMS Plugin <= 4.3.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via get_profile_social

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and abov...

6.4CVSS4.7AI score0.0022EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/12 3:20 a.m.4 views

CVE-2025-13334 Blaze Demo Importer 1.0.0 - 1.0.13 - Missing Authorization to Authenticated (Subscriber+) Database Reset and File Deletion

The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the "blazedemoimporterinstalldemo" function in all versions up to, and including, 1.0.13. This makes it possible for authenticated attackers, with...

8.1CVSS4.8AI score0.00229EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/12/04 11:39 a.m.9 views

WordPress PostGallery plugin <= 1.12.5 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Moose Love - Nagasaki Prefectural University in WordPress Plugin PostGallery versions = 1.12.5...

8.8CVSS6.8AI score0.00707EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/24 7:29 a.m.7 views

WordPress UiPress lite plugin <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by abrahack in WordPress Plugin UiPress lite versions = 3.5.08...

6.4CVSS5.8AI score0.00182EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/21 10:19 p.m.6 views

WordPress Return Refund and Exchange For WooCommerce plugin <= 4.5.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Order Message Read vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary Order Message Read vulnerability discovered by Powpy in WordPress Plugin Return Refund and Exchange For WooCommerce versions = 4.5.5...

5.4CVSS7AI score0.00152EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/20 10:18 p.m.9 views

WordPress Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO plugin <= 2.4.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Cryptocurrency Token, Launchpad Presale, ICO & IDO, Airdrop by TokenICO versions = 2.4.7...

4.3CVSS5.4AI score0.00201EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder