Lucene search
K

353 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/18 3:28 p.m.7 views

CVE-2026-2559

The Post SMTP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handleoffice365oauthredirect function in all versions up to, and including, 3.8.0. This is due to the function being hooked to admininit without any currentusercan check ...

5.3CVSS5.8AI score0.0022EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/18 3:32 a.m.5 views

EUVD-2026-12742

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpgmzacustomjs’ parameter in all versions up to, and including, 10.0.05 due to insufficient input sanitization and output escaping and missing capability check in the...

6.4CVSS5.9AI score0.00156EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/16 3:30 p.m.5 views

EUVD-2026-12202

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the draftpost function in all versions up to, and including, 4.2.8. This makes it...

5.3CVSS5.9AI score0.00193EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/15 2:19 a.m.8 views

CVE-2026-2233

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the draftpost function in all versions up to, and including, 4.2.8. This makes it...

5.3CVSS5.9AI score0.00193EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/14 3:24 a.m.4 views

CVE-2026-1948

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivatelicense function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00212EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/08 1:44 a.m.4 views

CVE-2026-1981

The HUMN-1 AI Website Scanner & Human Certification by Winston AI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the winstondisconnect function in all versions up to, and including, 0.0.3. This makes it possible for authenticated...

4.3CVSS5.8AI score0.00283EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/08 1:44 a.m.7 views

CVE-2026-1650

The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'customfieldscontroller' function in all versions up to, and including, 1.7.8.1. This makes it possible for unauthenticated attackers to delete arbitrary custom...

5.3CVSS5.9AI score0.00262EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/07 3:30 a.m.6 views

EUVD-2026-10101

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized message deletion due to a missing capability check on the pgdeletemsg function in all versions up to, and including, 5.9.8.1. This is due to the function not verifying that the requesting us...

9.8CVSS5.9AI score0.01745EPSS
Exploits4References28
NVD
NVD
added 2026/03/07 2:16 a.m.5 views

CVE-2026-1650

The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'customfieldscontroller' function in all versions up to, and including, 1.7.8.1. This makes it possible for unauthenticated attackers to delete arbitrary custom...

5.3CVSS0.00262EPSS
Exploits0References4
NVD
NVD
added 2026/03/07 12:16 a.m.7 views

CVE-2026-1981

The HUMN-1 AI Website Scanner & Human Certification by Winston AI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the winstondisconnect function in all versions up to, and including, 0.0.3. This makes it possible for authenticated...

4.3CVSS0.00283EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/03/06 7:52 a.m.6 views

CVE-2026-3072

The Media Library Assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mlaupdatecompatfieldsaction function in all versions up to, and including, 3.33. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS5.9AI score0.00196EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/05 6:30 a.m.5 views

EUVD-2026-9790

The Media Library Assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mlaupdatecompatfieldsaction function in all versions up to, and including, 3.33. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS6AI score0.00196EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/04 11:22 a.m.3 views

CVE-2026-3056

The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seraphaccelapi AJAX action with fn=LogClear in all versions up to, and including, 2.28.14. This makes it possible for authenticated attackers, with...

4.3CVSS5.9AI score0.0025EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/02 5:23 p.m.6 views

EUVD-2026-9222

The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.3 via the 'JLTMAWidgetAdmin::renderpreview'. This is due to missing capability check. This makes it possible for authenticated attackers, with...

8.8CVSS6.2AI score0.00596EPSS
Exploits0References3
NVD
NVD
added 2026/02/25 10:16 a.m.6 views

CVE-2025-14742

The WP Recipe Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajaxsearchrecipes' and 'ajaxgetrecipe' functions in all versions up to, and including, 10.2.3. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS0.00222EPSS
Exploits0References6
NVD
NVD
added 2026/02/19 7:17 a.m.9 views

CVE-2025-12975

The CTX Feed – WooCommerce Product Feed Manager plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the woofeedplugininstalling function in all versions up to, and including, 6.6.11. This makes it possible for authenticated...

7.2CVSS0.00821EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/19 4:36 a.m.5 views

CVE-2026-0974

The Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the 'installplugin' function in all versions up to, and including, 1.20.0. This makes it possible for...

8.8CVSS6AI score0.00605EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/19 4:36 a.m.5 views

CVE-2026-0912 Toret Manager <= 1.2.7 - Authenticated (Subscriber+) Arbitrary Options Update via AJAX actions

The Toret Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'trmansaveoption' function and on the 'trmansaveoptionitems' in all versions up to, and including, 1.2.7. This makes it possible...

8.8CVSS5.7AI score0.00292EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/18 1:28 p.m.5 views

CVE-2026-2608

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Contributor-level access...

4.3CVSS5.5AI score0.002EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.9 views

PT-2026-20291

Name of the Vulnerable Software and Affected Versions EmailKit – Email Customizer for WooCommerce & WP versions prior to 1.6.3 Description The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress has a flaw that allows unauthorized data modification. This is due to a missing...

4.3CVSS5.5AI score0.00245EPSS
Exploits0References6
Rows per page
Query Builder