Lucene search
K

353 matches found

Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.9 views

PT-2026-40567

The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get ticket content callback' function in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to view an...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.10 views

WordPress plugin ExactMetrics 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.23 views

PT-2026-34649

The ExactMetrics – Google Analytics Dashboard for WordPress Website Stats Plugin plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation in all versions up to, and including, 9.1.2. This is due to the reports page exposing the 'onboarding key' transient to...

7.2CVSS5.8AI score0.00695EPSS
Exploits0References8
EUVD
EUVD
added 2026/04/16 9:31 a.m.8 views

EUVD-2026-23201

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ultpshareCountcallback function in all versions up to, and including, 5.0.5. This makes it possible for...

5.3CVSS5.8AI score0.00283EPSS
Exploits0References3
NVD
NVD
added 2026/04/16 8:16 a.m.6 views

CVE-2026-0718

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ultpshareCountcallback function in all versions up to, and including, 5.0.5. This makes it possible for...

5.3CVSS0.00283EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/16 7:39 a.m.4 views

CVE-2026-0718 Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX <= 5.0.5 - Missing Authorization to Limited Post Meta Modification

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ultpshareCountcallback function in all versions up to, and including, 5.0.5. This makes it possible for...

5.3CVSS5.8AI score0.00283EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.4 views

PT-2026-33282

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ultp shareCount callback function in all versions up to, and including, 5.0.5. This makes it possible for...

5.3CVSS5.8AI score0.00283EPSS
Exploits0References3
NVD
NVD
added 2026/04/15 4:17 a.m.4 views

CVE-2026-1314

The 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sendpostpagesjson function in all versions up to, and including, 1.16.17. This makes it possible for unauthenticat...

5.3CVSS0.00892EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/14 1:24 a.m.1 views

CVE-2026-4365

The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the deletequestionanswer function in all versions up to, and including, 4.3.2.8. The plugin exposes a wprest nonce in public frontend HTML lpData to unauthenticated visitors, and...

9.1CVSS5.8AI score0.00867EPSS
Exploits0References5
NVD
NVD
added 2026/04/08 7:16 a.m.5 views

CVE-2026-3480

The WP Blockade plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 0.9.14. The plugin registers an adminpost action hook 'wp-blockade-shortcode-render' that maps to the rendershortcodepreview function. This function lacks any capability check...

6.5CVSS0.00342EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/04/08 3:36 a.m.3 views

CVE-2026-4299 MainWP Child Reports <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via Heartbeat API

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

5.3CVSS5.7AI score0.00545EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/04 1:24 a.m.8 views

CVE-2026-3571

The Pie Register – User Registration, Profiles & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the piemain function in all versions up to, and including, 3.8.4.8. This makes it possible for unauthenticated attacker...

6.5CVSS5.9AI score0.00284EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/01 5:0 a.m.6 views

CVE-2026-1710

The WooPayments: Integrated WooCommerce Payments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveupeappearanceajax' function in all versions up to, and including, 10.5.1. This makes it possible for unauthenticated attackers to...

6.5CVSS5.9AI score0.00267EPSS
Exploits0References1
NVD
NVD
added 2026/03/31 5:16 a.m.11 views

CVE-2026-1710

The WooPayments: Integrated WooCommerce Payments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveupeappearanceajax' function in all versions up to, and including, 10.5.1. This makes it possible for unauthenticated attackers to...

6.5CVSS0.00267EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/31 4:25 a.m.3 views

CVE-2026-1710

The WooPayments: Integrated WooCommerce Payments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveupeappearanceajax' function in all versions up to, and including, 10.5.1. This makes it possible for unauthenticated attackers to...

6.5CVSS5.9AI score0.00267EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/24 12:30 a.m.7 views

EUVD-2026-14656

The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Content Access Rules REST API endpoints in versions 5.0.1 through 5.1.4. This is due to the checkpermissions method only checking for editposts...

5.4CVSS5.8AI score0.00182EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/23 10:25 p.m.11 views

CVE-2026-3225

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the deletequestionanswer function of the EditQuestionAjax class in all versions up to, and including, 4.3.2.8. The...

4.3CVSS5.8AI score0.00262EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/21 6:30 a.m.7 views

EUVD-2026-13983

The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'atomchatupdateauthajax' and 'atomchatupdatelayoutajax' functions in all versions up to, and including, 1.1.7. This makes it possible for...

5.3CVSS5.8AI score0.00285EPSS
Exploits0References4
NVD
NVD
added 2026/03/21 4:16 a.m.4 views

CVE-2026-2294

The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'uipsaveglobalsettings' function in all versions up to, and including, 3.5.09. This makes it possible for...

4.3CVSS0.00192EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:26 a.m.2 views

CVE-2026-2294

The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'uipsaveglobalsettings' function in all versions up to, and including, 3.5.09. This makes it possible for...

4.3CVSS5.9AI score0.00192EPSS
Exploits0References3
Rows per page
Query Builder