CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2025/12/13 12:0 a.m.•6 views

PT-2025-51081

The Userback plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the userback get json function in all versions up to, and including, 1.0.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract...

4.3CVSS5.2AI score0.00204EPSS

NVD•added 2025/12/12 10:15 a.m.•3 views

CVE-2025-14074

The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumberduplicate' function in all versions up to, and including, 6.3.3. This makes it possible for authenticated attackers,...

4.3CVSS0.00204EPSS

EUVD•added 2025/12/12 9:20 a.m.•6 views

EUVD-2025-203072

5.3CVSS5AI score0.00204EPSS

Exploits0References5

CVE•added 2025/12/12 9:20 a.m.•17 views

CVE-2025-14074

CVE-2025-14074 concerns the WordPress plugin PDF for Contact Form 7 + Drag and Drop Template Builder. Public sources confirm a vulnerability where an authenticated user (Subscriber or higher) can trigger unauthorized post duplication due to a missing capability check in the rednumber_duplicate fu...

4.3CVSS5.1AI score0.00204EPSS

NVD•added 2025/12/12 7:15 a.m.•4 views

CVE-2025-14356

The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'uacf7getgeneratedpdf' function in all versions up to, and including, 3.5.33. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS0.00337EPSS

CVE•added 2025/12/12 6:32 a.m.•16 views

CVE-2025-14356

CVE-2025-14356 — The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on uacf7_get_generated_pdf in all versions up to and including 3.5.33. The Wordfence report confirms authenticated users with Subscriber-level a...

4.3CVSS4.8AI score0.00337EPSS

EUVD•added 2025/12/12 6:32 a.m.•3 views

EUVD-2025-203059

4.3CVSS4.7AI score0.00337EPSS

Exploits0References7

EUVD•added 2025/12/12 6:31 a.m.•3 views

EUVD-2025-202999

The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the urlmediauploaderurluploadajaxhandler function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Contributor-leve...

4.3CVSS4.8AI score0.00196EPSS

Exploits0References5

EUVD•added 2025/12/12 6:31 a.m.•4 views

EUVD-2025-203016

The Flow-Flow Social Feed Stream plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flowflowsocialauth AJAX action in versions 3.0.0 to 4.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

6.4CVSS5.1AI score0.00209EPSS

EUVD•added 2025/12/12 6:31 a.m.•3 views

EUVD-2025-202993

The Premmerce Brands for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveBrandsSettings function in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS4.6AI score0.00238EPSS

NVD•added 2025/12/12 4:15 a.m.•4 views

CVE-2025-14064

The BuddyTask plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on multiple AJAX endpoints in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

5.4CVSS0.00183EPSS

Exploits0References8

NVD•added 2025/12/12 4:15 a.m.•10 views

CVE-2025-14045

4.3CVSS0.00196EPSS

NVD•added 2025/12/12 4:15 a.m.•2 views

CVE-2025-12783

4.3CVSS0.00238EPSS

Cvelist•added 2025/12/12 3:20 a.m.•25 views

CVE-2025-13334 Blaze Demo Importer 1.0.0 - 1.0.13 - Missing Authorization to Authenticated (Subscriber+) Database Reset and File Deletion

The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the "blazedemoimporterinstalldemo" function in all versions up to, and including, 1.0.13. This makes it possible for authenticated attackers, with...

8.1CVSS0.00229EPSS

EUVD•added 2025/12/12 3:20 a.m.•3 views

EUVD-2025-202963

8.1CVSS4.7AI score0.00229EPSS

Vulnrichment•added 2025/12/12 3:20 a.m.•2 views

CVE-2025-13334 Blaze Demo Importer 1.0.0 - 1.0.13 - Missing Authorization to Authenticated (Subscriber+) Database Reset and File Deletion

8.1CVSS4.8AI score0.00229EPSS

CVE•added 2025/12/12 3:20 a.m.•11 views

CVE-2025-13314

CVE-2025-13314 affects the WordPress plugin Filter Plus – Product Filtering by Categories, Tags, Price Range for WooCommerce (Filter Plus) up to version 1.1.5. The issue is caused by missing capability checks on two AJAX actions, filter_save_settings and add_filter_options , allowing unauthentica...

5.3CVSS6AI score0.00239EPSS

Vulnrichment•added 2025/12/12 3:20 a.m.•3 views

CVE-2025-13314 Product Filtering by Categories, Tags, Price Range for WooCommerce <= 1.1.6 - Missing Authorization to Unauthenticated Plugin Settings Modification

The Product Filtering by Categories, Tags, Price Range for WooCommerce – Filter Plus plugin for WordPress is vulnerable to unauthorized modification of data in all versions up to, and including, 1.1.6 due to a missing capability check on the 'filtersavesettings' and 'addfilteroptions' AJAX action...

5.3CVSS5.9AI score0.00239EPSS

CVE•added 2025/12/12 3:20 a.m.•9 views

CVE-2025-12783

CVE-2025-12783 affects the Premmerce Brands for WooCommerce WordPress plugin (impact on brand permalink settings). Public details indicate a missing capability check in the saveBrandsSettings function, affecting all versions up to 1.2.13. This enables authenticated users with Subscriber-level acc...

4.3CVSS4.7AI score0.00238EPSS