5256 matches found

Vulnrichment
added 2025/11/06 7:27 a.m., 3 views

CVE-2025-12360 Better Find and Replace <= 1.7.7 - Missing Authorization

The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to unauthorized API usage due to a missing capability check on the rtafarajax function in all versions up to, and including, 1.7.7. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 4.3 | AI score 4.8 | EPSS 0.00195 | Exploits 0 | References 3

EUVD
added 2025/11/06 7:27 a.m., 4 views

EUVD-2025-37979

The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to unauthorized API usage due to a missing capability check on the rtafarajax function in all versions up to, and including, 1.7.7. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 4.3 | AI score 4.7 | EPSS 0.00195 | Exploits 0 | References 4

Cvelist
added 2025/11/06 7:27 a.m., 22 views

CVE-2025-12360 Better Find and Replace <= 1.7.7 - Missing Authorization

The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to unauthorized API usage due to a missing capability check on the rtafarajax function in all versions up to, and including, 1.7.7. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 4.3 | EPSS 0.00195 | Exploits 0 | References 3

NVD
added 2025/11/06 5:16 a.m., 4 views

CVE-2025-12563

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to limited file upload due to an incorrect capability check on the uploadVideo function in all versions up to, and including, 8.6.0. This makes it possible for authenticated attackers, with Subscriber-level acce...

CVSS 4.3 | EPSS 0.00163 | Exploits 0 | References 2

EUVD
added 2025/11/06 4:36 a.m., 4 views

EUVD-2025-37974

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to limited file upload due to an incorrect capability check on the uploadVideo function in all versions up to, and including, 8.6.0. This makes it possible for authenticated attackers, with Subscriber-level acce...

CVSS 4.3 | AI score 5.3 | EPSS 0.00163 | Exploits 0 | References 3

RedhatCVE
added 2025/11/06 3:11 a.m., 11 views

CVE-2025-12582

The Features plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'features_revert_option' AJAX endpoint in all versions up to, and including, 0.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above...

CVSS 4.3 | AI score 5.1 | EPSS 0.00163 | Exploits 0 | References 1

Positive Technologies
added 2025/11/06 12:0 a.m., 4 views

PT-2025-45180

Name of the Vulnerable Software and Affected Versions: Better Find and Replace – AI-Powered Suggestions plugin for WordPress versions through 1.7.7. Description: The software is susceptible to unauthorized API usage because of a missing capability check within the rtafar ajax function. This allows...

CVSS 4.3 | AI score 6.3 | EPSS 0.00195 | Exploits 0 | References 6

RedhatCVE
added 2025/11/05 5:8 a.m., 5 views

CVE-2025-12156

The Ai Auto Tool Content Writing Assistant Gemini Writer, ChatGPT All in One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savepostdata function in versions 2.0.7 to 2.2.6. This makes it possible for authenticated attackers, with...

CVSS 4.3 | AI score 5.6 | EPSS 0.00163 | Exploits 0 | References 1

RedhatCVE
added 2025/11/05 5:8 a.m., 3 views

CVE-2025-12158

The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the suc_submit_capabilities function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to elevate the role of any user account t...

CVSS 9.8 | AI score 5.4 | EPSS 0.00377 | Exploits 0 | References 1

RedhatCVE
added 2025/11/05 4:14 a.m., 4 views

CVE-2025-11007

The CE21 Suite plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the wpajaxnoprivce21singlesignonsaveapisettings AJAX action in versions 2.2.1 to 2.3.1. This makes it possible for unauthenticated attackers to update the plugin's API...

CVSS 9.8 | AI score 5.8 | EPSS 0.004 | Exploits 0 | References 1

Vulnrichment
added 2025/11/05 2:25 a.m., 2 views

CVE-2025-12582 Features <= 0.0.2 - Missing Authorization to Authenticated (Subscriber+) Option Reset

The Features plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'features_revert_option' AJAX endpoint in all versions up to, and including, 0.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above...

CVSS 4.3 | AI score 4.7 | EPSS 0.00163 | Exploits 0 | References 2

CVE
added 2025/11/05 2:25 a.m., 11 views

CVE-2025-12582

The CVE-2025-12582 vulnerability affects the WordPress Features plugin up to version 0.0.2, caused by a missing capability check on the features_revert_option AJAX endpoint. This allows authenticated users with Subscriber-level access (and above) to modify data by reverting options, exposing unau...

CVSS 4.3 | AI score 4.7 | EPSS 0.00163 | Exploits 0 | References 2

Positive Technologies
added 2025/11/05 12:0 a.m., 4 views

PT-2025-45093

Name of the Vulnerable Software and Affected Versions: KiotViet Sync plugin for WordPress versions up to and including 1.8.5. Description: The KiotViet Sync plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check within the saveConfig function...

CVSS 4.3 | AI score 5.8 | EPSS 0.00168 | Exploits 0 | References 5

Positive Technologies
added 2025/11/05 12:0 a.m., 6 views

PT-2025-45065

Name of the Vulnerable Software and Affected Versions: Features plugin for WordPress versions up to and including 0.0.2. Description: The Features plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check on the features revert option API...

CVSS 4.3 | AI score 5.8 | EPSS 0.00163 | Exploits 0 | References 5

NVD
added 2025/11/04 5:16 a.m., 8 views

CVE-2025-12350

The DominoKit plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpajaxnoprivdominokitoptionadminaction AJAX endpoint in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to update plugin settings...

CVSS 5.3 | EPSS 0.002 | Exploits 0 | References 2

NVD
added 2025/11/04 5:16 a.m., 2 views

CVE-2025-12158

The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the suc_submit_capabilities function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to elevate the role of any user account t...

CVSS 9.8 | EPSS 0.00377 | Exploits 0 | References 3

NVD
added 2025/11/04 5:16 a.m., 4 views

CVE-2025-12156

The Ai Auto Tool Content Writing Assistant Gemini Writer, ChatGPT All in One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savepostdata function in versions 2.0.7 to 2.2.6. This makes it possible for authenticated attackers, with...

CVSS 4.3 | EPSS 0.00163 | Exploits 0 | References 2

CVE
added 2025/11/04 4:27 a.m., 16 views

CVE-2025-12158

CVE-2025-12158 affects WordPress plugin Simple User Capabilities. Wordfence reports a missing authorization check in suc_submit_capabilities() across versions up to 1.0, enabling unauthenticated attackers to elevate any user to administrator. CVSSv3.1 is rated 9.8 (Critical); exploitation is list...

CVSS 9.8 | AI score 5 | EPSS 0.00377 | Exploits 0 | References 3

CVE
added 2025/11/04 4:27 a.m., 11 views

CVE-2025-12389

CVE-2025-12389 affects the WordPress plugin Import Export For WooCommerce. The vulnerability is an unauthorized data modification flaw caused by a missing capability check in update_setting(), present in all versions up to and including 1.6.2. Exploitation requires authenticated access at Subscri...

CVSS 4.3 | AI score 4.7 | EPSS 0.00168 | Exploits 0 | References 2

Cvelist
added 2025/11/04 4:27 a.m., 11 views

CVE-2025-12389 Import Export For WooCommerce <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The Import Export For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_setting function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access a...

CVSS 4.3 | EPSS 0.00168 | Exploits 0 | References 2