CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2025/11/12 9:30 a.m.•3 views

EUVD-2025-119993

The Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the atgaideleteapikey function in all versions up to, and including, 1.8.3. This makes it possible for authenticated...

4.3CVSS4.7AI score0.00159EPSS

CVE•added 2025/11/12 7:27 a.m.•12 views

CVE-2025-12113

CVE-2025-12113 affects the WordPress plugin “Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images” (versions

4.3CVSS4.7AI score0.00159EPSS

Vulnrichment•added 2025/11/12 7:27 a.m.•1 views

CVE-2025-12113 Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images <= 1.8.3 - Missing Authorization to Authenticated (Subscriber+) API Key Deletion

4.3CVSS4.7AI score0.00159EPSS

RedhatCVE•added 2025/11/12 3:47 a.m.•9 views

CVE-2025-12665

The Ninja Countdown | Fastest Countdown Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ninjacountdownadminajax' AJAX endpoint in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with...

4.3CVSS5.2AI score0.00159EPSS

RedhatCVE•added 2025/11/12 3:47 a.m.•15 views

CVE-2025-12526

The Private Google Calendars plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pgcremove' action in all versions up to, and including, 20250811. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5AI score0.00191EPSS

RedhatCVE•added 2025/11/12 3:46 a.m.•13 views

CVE-2025-11996

The Find Unused Images plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the fuideleteimage and fuideleteallimages functiosn in all versions up to, and including, 1.0.7. This makes it possible for unauthenticated attackers to delete all of a site...

5.3CVSS5.3AI score0.00307EPSS

CNVD•added 2025/11/12 12:0 a.m.•6 views

WordPress LC Wizard plugin elevation of privilege vulnerability

WordPress LC Wizard plugin is a plugin with security vulnerabilities. WordPress LC Wizard plugin has an elevation of privilege vulnerability that stems from a missing capability check in the ghl-wizard/inc/wpuser.php file, which can be exploited by an attacker to cause an elevation of privilege...

8.1CVSS7.1AI score0.0028EPSS

Positive Technologies•added 2025/11/12 12:0 a.m.•5 views

PT-2025-46569

Name of the Vulnerable Software and Affected Versions Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images plugin for WordPress versions through 1.8.3 Description The Alt Text Generator AI plugin for WordPress is susceptible to unauthorized data loss. A missing capability chec...

4.3CVSS6AI score0.00159EPSS

Exploits0References4

CVE•added 2025/11/11 11:3 a.m.•10 views

CVE-2025-12953

Summary (CVE-2025-12953): The WordPress plugin “Classified Listing – AI-Powered Classified ads & Business Directory Plugin” has a data-modification vulnerability due to a missing capability check in rtcl_ajax_add_listing_type, rtcl_ajax_update_listing_type, and rtcl_ajax_delete_listing_type. Affe...

4.3CVSS4.6AI score0.00194EPSS

EUVD•added 2025/11/11 6:30 a.m.•3 views

EUVD-2025-60939

4.3CVSS4.8AI score0.00159EPSS

EUVD•added 2025/11/11 6:30 a.m.•3 views

EUVD-2025-60967

5.3CVSS4.9AI score0.00307EPSS

Exploits0References5

EUVD•added 2025/11/11 6:30 a.m.•2 views

EUVD-2025-60942

4.3CVSS4.6AI score0.00191EPSS

NVD•added 2025/11/11 4:15 a.m.•4 views

CVE-2025-12665

4.3CVSS0.00159EPSS

NVD•added 2025/11/11 4:15 a.m.•1 views

CVE-2025-12526

4.3CVSS0.00191EPSS

Cvelist•added 2025/11/11 3:30 a.m.•5 views

CVE-2025-11999 Add Multiple Marker <= 1.2 - Missing Authorization to Unauthenticated Settings Update

The Add Multiple Marker plugin for WordPress is vulnerable to unauthorized modification of data to due to a missing capability check on the addmultiplemarkerresetmap and ammsavemapapi functions in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to upda...

5.3CVSS0.00236EPSS

Vulnrichment•added 2025/11/11 3:30 a.m.•3 views

CVE-2025-12526 Private Google Calendars <= 20250811 - Missing Authorization to Authenticated (Subscriber+) Settings Reset

4.3CVSS4.7AI score0.00191EPSS

Positive Technologies•added 2025/11/11 12:0 a.m.•3 views

PT-2025-46275

Name of the Vulnerable Software and Affected Versions Private Google Calendars plugin for WordPress versions prior to 20250811 Description The Private Google Calendars plugin for WordPress is susceptible to unauthorized data modification. This is caused by a missing capability check on the pgc...

4.3CVSS6AI score0.00191EPSS

Exploits0References4

Positive Technologies•added 2025/11/11 12:0 a.m.•4 views

PT-2025-46268

Name of the Vulnerable Software and Affected Versions Find Unused Images plugin for WordPress versions through 1.0.7 Description The Find Unused Images plugin for WordPress is susceptible to unauthorized data loss. This is due to a missing capability check within the fui delete image and fui dele...

5.3CVSS6.2AI score0.00307EPSS

Exploits0References6

RedhatCVE•added 2025/11/09 9:56 a.m.•10 views

CVE-2025-11448

The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/envira-convert/v1/bulk-convert' REST API endpoint in all versions up to, and including, 1.11.0. This makes it possible for...

4.3CVSS5.1AI score0.00163EPSS