Lucene search

5256 matches found

RedhatCVE
added 2025/10/31 6:12 a.m., 9 views

CVE-2025-10008

The Translate WordPress and go Multilingual – Weglot plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cleanoptions' function in all versions up to, and including, 5.1. This makes it possible for unauthenticated attackers to delete limited...

CVSS 5.3 | AI score 5.3 | EPSS 0.00264
Exploits: 0 | References: 1

NVD
added 2025/10/31 3:15 a.m., 11 views

CVE-2025-11975

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savechanges function in all versions up to, and including,...

CVSS 4.3 | EPSS 0.00189
Exploits: 0 | References: 2

CVE
added 2025/10/31 2:26 a.m., 21 views

CVE-2025-11975

CVE-2025-11975 affects the FuseWP WordPress plugin (WordPress User Sync to Email List & Marketing Automation). The root cause is a missing capability check in the save_changes() function, impacting all versions up to and including 1.1.23.0. This enables unauthorized modification of data, allowing...

CVSS 4.3 | AI score 5 | EPSS 0.00189
Exploits: 0 | References: 2

Positive Technologies
added 2025/10/31 12:0 a.m., 9 views

PT-2025-44597

Name of the Vulnerable Software and Affected Versions ERI File Library plugin for WordPress versions up to and including 1.1.0 Description The ERI File Library plugin for WordPress has a flaw that allows unauthorized access to data. This is due to a missing capability check on the erifl file AJAX...

CVSS 5.3 | AI score 6 | EPSS 0.00233
Exploits: 0 | References: 6

Positive Technologies
added 2025/10/31 12:0 a.m., 5 views

PT-2025-44592

Name of the Vulnerable Software and Affected Versions The Events Calendar plugin for WordPress versions through 6.15.9 Description The The Events Calendar plugin for WordPress is susceptible to unauthorized access. A missing capability check on the tec qr code modal API endpoint allows...

CVSS 4.3 | AI score 6.2 | EPSS 0.00218
Exploits: 0 | References: 8

CNNVD
added 2025/10/31 12:0 a.m., 4 views

WordPress plugin FuseWP security vulnerability

WordPress FuseWP plugin is a WordPress plugin for creating and managing multilingual websites. WordPress FuseWP plugin suffers from an unauthorized modification of data vulnerability that stems from a lack of capability check in the savechanges function, which can be exploited by an attacker to a...

CVSS 4.3 | AI score 6.6 | EPSS 0.00189
Exploits: 0 | References: 3

Positive Technologies
added 2025/10/31 12:0 a.m., 9 views

PT-2025-44578

Name of the Vulnerable Software and Affected Versions FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin versions through 1.1.23.0 Description The FuseWP plugin for WordPress has a flaw that allows unauthorized modification of...

CVSS 4.3 | AI score 6.5 | EPSS 0.00189
Exploits: 0 | References: 7

RedhatCVE
added 2025/10/30 1:22 p.m., 14 views

CVE-2025-11587

The Call Now Button – The 1 Click to Call Button for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate function in all versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with...

CVSS 4.3 | AI score 5 | EPSS 0.00214
Exploits: 0 | References: 1

NVD
added 2025/10/30 7:15 a.m., 3 views

CVE-2025-11881

The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'myapppverify' function in all versions up to, and including, 4.5.0. This makes it possible for unauthenticated attackers to extract sensitive data...

CVSS 5.3 | EPSS 0.00277
Exploits: 0 | References: 4

EUVD
added 2025/10/30 6:45 a.m., 5 views

EUVD-2025-36971

The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'myapppverify' function in all versions up to, and including, 4.5.0. This makes it possible for unauthenticated attackers to extract sensitive data...

CVSS 5.3 | AI score 4.9 | EPSS 0.00277
Exploits: 0 | References: 5

EUVD
added 2025/10/30 5:28 a.m., 4 views

EUVD-2025-36900

The Translate WordPress and go Multilingual – Weglot plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cleanoptions' function in all versions up to, and including, 5.1. This makes it possible for unauthenticated attackers to delete limited...

CVSS 5.3 | AI score 4.9 | EPSS 0.00264
Exploits: 0 | References: 4

RedhatCVE
added 2025/10/30 5:6 a.m., 6 views

CVE-2025-11705

The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.23.81 due to a missing capability check combined with an information exposure in several GOTMLS AJAX actions. This makes it possible for authenticat...

CVSS 6.5 | AI score 5.1 | EPSS 0.00572
Exploits: 0 | References: 1

Positive Technologies
added 2025/10/30 12:0 a.m., 6 views

PT-2025-44374

Name of the Vulnerable Software and Affected Versions AppPresser – Mobile App Framework plugin for WordPress versions through 4.5.0 Description The AppPresser – Mobile App Framework plugin for WordPress is susceptible to unauthorized data access. A missing capability check within the myappp verif...

CVSS 5.3 | AI score 6.2 | EPSS 0.00277
Exploits: 0 | References: 8

EUVD
added 2025/10/29 3:31 p.m., 5 views

EUVD-2025-36639

The Call Now Button – The 1 Click to Call Button for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate function in all versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with...

CVSS 4.3 | AI score 4.6 | EPSS 0.00214
Exploits: 0 | References: 3

CVE
added 2025/10/29 12:31 p.m., 17 views

CVE-2025-11587

CVE-2025-11587 refers to the WordPress plugin “Call Now Button – The #1 Click to Call Button for WordPress.” The advisory states a missing capability check in the activate function across all versions up to 1.5.3, allowing authenticated users with Subscriber-level access or higher to modify data ...

CVSS 4.3 | AI score 4.7 | EPSS 0.00214
Exploits: 0 | References: 3

EUVD
added 2025/10/29 6:31 a.m., 5 views

EUVD-2025-36602

The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action installextension without verifying user capabilities or using a nonce. As a result, any authenticated user — including those with the Subscriber role — can install and activate additional Doppler Forms WordPress plugin...

CVSS 6.5 | AI score 6.2 | EPSS 0.00203
Exploits: 0 | References: 3

NVD
added 2025/10/29 5:15 a.m., 6 views

CVE-2025-11705

The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.23.81 due to a missing capability check combined with an information exposure in several GOTMLS AJAX actions. This makes it possible for authenticat...

CVSS 6.5 | EPSS 0.00572
Exploits: 0 | References: 3

Vulnrichment
added 2025/10/29 4:27 a.m., 2 views

CVE-2025-11705 Anti-Malware Security and Brute-Force Firewall <= 4.23.81 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read

The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.23.81 due to a missing capability check combined with an information exposure in several GOTMLS AJAX actions. This makes it possible for authenticat...

CVSS 6.5 | AI score 4.7 | EPSS 0.00572
Exploits: 0 | References: 3

Positive Technologies
added 2025/10/29 12:0 a.m., 9 views

PT-2025-44700

Name of the Vulnerable Software and Affected Versions Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App versions prior to 3.6.1 Description The Post SMTP plugin for WordPress has a flaw due to a missing capability check within the construct function. This allows...

CVSS 9.8 | AI score 6.7 | EPSS 0.51507
Exploits: 1 | References: 26

Tenable Nessus
added 2025/10/27 12:0 a.m., 3 views

Siemens SIMATIC Devices Improper Check for Unusual or Exceptional Conditions (CVE-2024-44948)

In the Linux kernel, the following vulnerability has been resolved: x86/mtrr: Check if fixed MTRRs exist before saving them MTRRs have an obsolete fixed variant for fine grained caching control of the 640K-1MB region that uses separate MSRs. This fixed variant has a separate capability bit in the...

CVSS 5.5 | AI score 6.2 | EPSS 0.0024
Exploits: 0 | References: 2