Lucene search
K

353 matches found

NVD
NVD
added 2026/01/06 4:15 a.m.13 views

CVE-2025-11370

The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'store' function of the...

5.3CVSS0.00235EPSS
Exploits0References4
NVD
NVD
added 2026/01/01 5:15 p.m.6 views

CVE-2025-14428

The All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs - My Sticky Elements plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'mystickyelementsbulks' function in all versions up to, and including, 2.3.3. This...

4.3CVSS0.00261EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/12/25 5:25 a.m.10 views

CVE-2025-13773

The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.8.0 via the 'WooCommerceDeliveryNotes::update' function. This is due to missing capability check in the 'WooCommerceDeliveryNotes::update' functio...

9.8CVSS6.9AI score0.032EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/23 12:30 p.m.4 views

EUVD-2025-204785

The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gettemplatecontent' function in all versions up to, and including, 4.11.53. This makes it possible for...

5.3CVSS4.8AI score0.00715EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/12/23 9:19 a.m.26 views

CVE-2025-14155 Premium Addons for Elementor <= 4.11.53 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'get_template_content'

The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gettemplatecontent' function in all versions up to, and including, 4.11.53. This makes it possible for...

5.3CVSS0.00715EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/20 12:0 a.m.7 views

PT-2025-52535

Name of the Vulnerable Software and Affected Versions Pretty Google Calendar plugin for WordPress versions prior to 2.0.1 Description The Pretty Google Calendar plugin for WordPress is susceptible to unauthorized data access. This is due to a missing capability check within the pgcal ajax handler...

5.3CVSS6.2AI score0.00231EPSS
Exploits0References6
EUVD
EUVD
added 2025/12/18 9:21 a.m.5 views

EUVD-2025-204251

The Demo Importer Plus plugin for WordPress is vulnerable to unauthorized modification of data, loss of data, and privilege escalation due to a missing capability check on the Ajax::handlerequest function in all versions up to, and including, 2.0.8. This makes it possible for authenticated...

8.8CVSS4.9AI score0.00302EPSS
Exploits1References3
CVE
CVE
added 2025/12/17 6:36 a.m.14 views

CVE-2025-14061

CVE-2025-14061 – WP Cookie Consent (Cookie Banner, GDPR/CCPA consent) for WordPress : Unauthenticated attackers can modify data and permanently delete arbitrary posts, pages, attachments, and other post types by ID due to a missing capability check in gdpr_delete_policy_data. Affected versions: a...

5.3CVSS5.2AI score0.00227EPSS
Exploits0References3
NVD
NVD
added 2025/12/16 8:15 a.m.14 views

CVE-2025-11991

The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the runcallback function in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to generate form...

5.3CVSS0.00189EPSS
Exploits0References2
NVD
NVD
added 2025/12/15 3:15 p.m.17 views

CVE-2025-13950

The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings handling functionality in all versions up to, and including, 3.6.1. This is due to the plugin processing POST requests without verifying...

5.3CVSS0.003EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/15 2:25 p.m.4 views

EUVD-2025-203368

The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the addimagestogallerycallback function in all versions up to, and including, 2.13.3. This makes it possible for authenticated attackers, wit...

4.3CVSS4.8AI score0.00231EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/14 5:3 a.m.4 views

CVE-2025-11164

The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavixeducationactivateplugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level acces...

4.3CVSS5.1AI score0.00164EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/13 6:30 p.m.6 views

EUVD-2025-203200

The Popup Builder Easy Notify Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the easynotifycpreset function in all versions up to, and including, 1.1.37. This makes it possible for authenticated attackers, with Subscriber-level...

6.5CVSS4.6AI score0.00221EPSS
Exploits0References4
NVD
NVD
added 2025/12/13 4:16 p.m.5 views

CVE-2025-14581

The HAPPY – Helpdesk Support Ticket System plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'submitformreply' AJAX action in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level acces...

4.3CVSS0.00221EPSS
Exploits0References4
NVD
NVD
added 2025/12/13 4:16 p.m.5 views

CVE-2025-14447

The AnnunciFunebri Impresa plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the annfuresetoptions function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS0.00256EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/13 3:59 a.m.4 views

CVE-2025-12783

The Premmerce Brands for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveBrandsSettings function in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS5.1AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/13 3:59 a.m.7 views

CVE-2025-13314

The Product Filtering by Categories, Tags, Price Range for WooCommerce – Filter Plus plugin for WordPress is vulnerable to unauthorized modification of data in all versions up to, and including, 1.1.6 due to a missing capability check on the 'filtersavesettings' and 'addfilteroptions' AJAX action...

5.3CVSS6AI score0.00249EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/13 3:59 a.m.6 views

CVE-2025-13866

The Flow-Flow Social Feed Stream plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flowflowsocialauth AJAX action in versions 3.0.0 to 4.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

6.4CVSS5.6AI score0.00217EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/13 12:0 a.m.6 views

PT-2025-51073

The Popup Builder Easy Notify Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the easynotify cp reset function in all versions up to, and including, 1.1.37. This makes it possible for authenticated attackers, with Subscriber-level...

6.5CVSS5.1AI score0.00221EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/13 12:0 a.m.7 views

WordPress plugin Popup Builder (Easy Notify Lite) 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

6.5CVSS6.3AI score0.00221EPSS
Exploits0References4
Rows per page
Query Builder