CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2025/12/12 12:0 a.m.•3 views

WordPress plugin Blaze Demo Importer 安全漏洞

8.1CVSS6.3AI score0.00229EPSS

Positive Technologies•added 2025/12/12 12:0 a.m.•4 views

PT-2025-50893

The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'uacf7 get generated pdf' function in all versions up to, and including, 3.5.33. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS5.1AI score0.00337EPSS

Exploits0References7

Positive Technologies•added 2025/12/12 12:0 a.m.•3 views

PT-2025-50816

The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the "blaze demo importer install demo" function in all versions up to, and including, 1.0.13. This makes it possible for authenticated attackers, with...

8.1CVSS5.1AI score0.00229EPSS

Positive Technologies•added 2025/12/12 12:0 a.m.•5 views

PT-2025-50826

The Flow-Flow Social Feed Stream plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flow flow social auth AJAX action in versions 3.0.0 to 4.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and abov...

6.4CVSS5.6AI score0.00209EPSS

Positive Technologies•added 2025/12/12 12:0 a.m.•8 views

PT-2025-50912

The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumber duplicate' function in all versions up to, and including, 6.3.3. This makes it possible for authenticated attackers,...

5.3CVSS5.5AI score0.00204EPSS

Exploits0References5

RedhatCVE•added 2025/12/06 6:58 a.m.•13 views

CVE-2025-12355

The Payaza plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxnoprivupdateorderstatus' AJAX endpoint in all versions up to, and including, 0.3.8. This makes it possible for unauthenticated attackers to update order statuses...

5.3CVSS5.4AI score0.00189EPSS

RedhatCVE•added 2025/12/06 6:58 a.m.•16 views

CVE-2025-12354

The Live CSS Preview plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxfrontendsave' AJAX endpoint in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Subscriber-level access an...

4.3CVSS5.9AI score0.0019EPSS

EUVD•added 2025/12/06 6:30 a.m.•3 views

EUVD-2025-201523

The Listar – Directory Listing & Classifieds WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/listar/v1/place/save' REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for...

4.3CVSS4.7AI score0.00158EPSS

Exploits0References3

NVD•added 2025/12/06 6:15 a.m.•7 views

CVE-2025-12577

4.3CVSS0.00158EPSS

NVD•added 2025/12/06 6:15 a.m.•7 views

CVE-2025-12091

The Search, Filters & Merchandising for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcissaveemail' endpoint in all versions up to, and including, 3.0.67. This makes it possible for authenticated attackers, with...

4.3CVSS0.00196EPSS

RedhatCVE•added 2025/12/06 5:54 a.m.•3 views

CVE-2025-13528

The Feedback Modal for Website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handleexport' function in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to export all feedback data in CSV or...

5.3CVSS5.4AI score0.00257EPSS

Vulnrichment•added 2025/12/06 5:49 a.m.•3 views

CVE-2025-12574 Listar – Directory Listing & Classifieds WordPress Plugin <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion

The Listar – Directory Listing & Classifieds WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the '/wp-json/listar/v1/place/delete' REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for...

4.3CVSS4.9AI score0.00158EPSS

RedhatCVE•added 2025/12/06 5:1 a.m.•2 views

CVE-2025-13312

The CRM Memberships plugin for WordPress is vulnerable to unauthorized membership tag creation due to a missing capability check on the 'ntzcrmaddnewtag' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to create arbitrary membership tags an...

5.3CVSS5.5AI score0.00227EPSS

Positive Technologies•added 2025/12/06 12:0 a.m.•8 views

PT-2025-49330

The Search, Filters & Merchandising for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcis save email' endpoint in all versions up to, and including, 3.0.63. This makes it possible for authenticated attackers, with...

4.3CVSS5.1AI score0.00196EPSS