Lucene search
+L

357 matches found

RedhatCVE
RedhatCVE
added 2025/12/13 3:59 a.m.7 views

CVE-2025-13314

The Product Filtering by Categories, Tags, Price Range for WooCommerce – Filter Plus plugin for WordPress is vulnerable to unauthorized modification of data in all versions up to, and including, 1.1.6 due to a missing capability check on the 'filtersavesettings' and 'addfilteroptions' AJAX action...

5.3CVSS6AI score0.00249EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/13 3:59 a.m.6 views

CVE-2025-13866

The Flow-Flow Social Feed Stream plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flowflowsocialauth AJAX action in versions 3.0.0 to 4.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

6.4CVSS5.6AI score0.00217EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/13 12:0 a.m.8 views

PT-2025-51073

The Popup Builder Easy Notify Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the easynotify cp reset function in all versions up to, and including, 1.1.37. This makes it possible for authenticated attackers, with Subscriber-level...

6.5CVSS5.1AI score0.00221EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/13 12:0 a.m.7 views

WordPress plugin Popup Builder (Easy Notify Lite) 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

6.5CVSS6.3AI score0.00221EPSS
Exploits0References4
CVE
CVE
added 2025/12/12 3:20 a.m.19 views

CVE-2025-14045

CVE-2025-14045 affects the URL Media Uploader plugin for WordPress. A missing capability check in url_media_uploader_url_upload_ajax_handler() allows authenticated users with Contributor+ access to upload safe media files across all versions up to 1.0.1. Remediation suspected: upgrade to 1.0.1 or...

4.3CVSS4.9AI score0.00204EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.11 views

PT-2025-50847

The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the url media uploader url upload ajax handler function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with...

4.3CVSS5.3AI score0.00204EPSS
Exploits0References5
EUVD
EUVD
added 2025/12/06 6:30 a.m.4 views

EUVD-2025-201523

The Listar – Directory Listing & Classifieds WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/listar/v1/place/save' REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for...

4.3CVSS4.7AI score0.00164EPSS
Exploits0References3
NVD
NVD
added 2025/12/06 6:15 a.m.11 views

CVE-2025-12091

The Search, Filters & Merchandising for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcissaveemail' endpoint in all versions up to, and including, 3.0.67. This makes it possible for authenticated attackers, with...

4.3CVSS0.00204EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/06 12:0 a.m.11 views

PT-2025-49331

The Listar – Directory Listing & Classifieds WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the '/wp-json/listar/v1/place/delete' REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for...

4.3CVSS5.3AI score0.00164EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/05 6:7 a.m.4 views

EUVD-2025-201359

The Live CSS Preview plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxfrontendsave' AJAX endpoint in all versions up to, and including, 2.0.0. This makes it possible for authenticated attackers, with Subscriber-level access an...

4.3CVSS4.7AI score0.00197EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.14 views

PT-2025-48791

The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the process status unlink function in all versions up to, and including, 2.3.8. This makes it possible for unauthenticate...

5.3CVSS5.4AI score0.00196EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/26 4:52 a.m.15 views

CVE-2025-13558

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'deleteUserCcDraftPost' function in all versions up to, and including, 8.7.0. This makes it possible for authenticated attackers, wi...

5.4CVSS5.2AI score0.00225EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/26 12:30 a.m.13 views

EUVD-2025-199660

The AI Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizadorgit.php' file in all versions up to, and including, 1.0.11. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite...

9.8CVSS6.8AI score0.00875EPSS
Exploits3References6
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.7 views

PT-2025-47983

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'deleteUserCcDraftPost' function in all versions up to, and including, 8.7.0. This makes it possible for authenticated attackers, wi...

5.4CVSS5.2AI score0.00225EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.5 views

PT-2025-48001

The Refund Request for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update refund status' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS5.1AI score0.00163EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/22 12:34 p.m.9 views

CVE-2025-10054

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ehcrmremoveagent' function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, wit...

5.3CVSS5AI score0.00253EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/22 9:31 a.m.7 views

EUVD-2025-198534

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized modification od data due to a missing capability check on the pandingbloodrequestaction function in all versions up to, and including, 2.1.15. This makes it possible for...

5.3CVSS5AI score0.00241EPSS
Exploits0References4
NVD
NVD
added 2025/11/22 9:15 a.m.10 views

CVE-2025-13136

The GSheetConnector For Ninja Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'njform-google-sheet-config ' page in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS0.00178EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/22 8:35 a.m.13 views

CVE-2025-11773

The Cryptocurrency Token, Launchpad Presale, ICO & IDO, Airdrop by TokenICO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveDeployedContract' function in all versions up to, and including, 2.4.7. This makes it possible for...

4.3CVSS5.9AI score0.00201EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/22 12:0 a.m.10 views

PT-2025-47826

Name of the Vulnerable Software and Affected Versions IDonate – Blood Donation, Request And Donor Management System plugin for WordPress versions up to and including 2.1.15 Description The IDonate plugin for WordPress is susceptible to unauthorized data modification. A missing capability check...

5.3CVSS6.1AI score0.00241EPSS
Exploits0References8
Rows per page
Query Builder