Lucene search
K

1561 matches found

euvd
euvd
added 2026/03/21 6:30 a.m.10 views

EUVD-2026-14150

The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'search' AJAX action in all versions up to, and including, 3.0.2. This is due to missing capability checks in the callbacksearch function and insufficient input validation that allows shortcode syntax...

6.5CVSS6.1AI score0.00254EPSS
Exploits0References8
nvd
nvd
added 2026/03/21 4:17 a.m.7 views

CVE-2026-4004

The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'search' AJAX action in all versions up to, and including, 3.0.2. This is due to missing capability checks in the callbacksearch function and insufficient input validation that allows shortcode syntax...

6.5CVSS0.00254EPSS
Exploits0References7
nvd
nvd
added 2026/03/21 4:16 a.m.4 views

CVE-2026-1253

The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'atomchatupdateauthajax' and 'atomchatupdatelayoutajax' functions in all versions up to, and including, 1.1.7. This makes it possible for...

4.3CVSS0.00285EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/03/21 3:26 a.m.4 views

CVE-2026-1253

The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'atomchatupdateauthajax' and 'atomchatupdatelayoutajax' functions in all versions up to, and including, 1.1.7. This makes it possible for...

5.3CVSS5.8AI score0.00285EPSS
Exploits0References4
euvd
euvd
added 2026/03/21 12:31 a.m.3 views

EUVD-2026-13924

The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 4.1132. The plugin exposes two AJAX handlers that, when combined, allow any authenticated user to modify admin-level plugin settings. First, the...

5.3CVSS5.9AI score0.00236EPSS
Exploits0References7
nvd
nvd
added 2026/03/21 12:16 a.m.5 views

CVE-2026-3567

The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 4.1132. The plugin exposes two AJAX handlers that, when combined, allow any authenticated user to modify admin-level plugin settings. First, the...

5.3CVSS0.00236EPSS
Exploits0References6
cnnvd
cnnvd
added 2026/03/21 12:0 a.m.11 views

WordPress plugin UiPress lite | Effortless custom dashboards, admin themes and pages 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

4.3CVSS5.8AI score0.00192EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/03/21 12:0 a.m.8 views

WordPress plugin Hr Press Lite 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References5
cnnvd
cnnvd
added 2026/03/21 12:0 a.m.8 views

WordPress plugin Linksy Search and Replace 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS5.8AI score0.003EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/03/21 12:0 a.m.6 views

PT-2026-26802

The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'atomchat update auth ajax' and 'atomchat update layout ajax' functions in all versions up to, and including, 1.1.7. This makes it possible for...

5.3CVSS5.8AI score0.00285EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/03/21 12:0 a.m.8 views

WordPress plugin Speedup Optimization 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00207EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/03/20 11:25 p.m.12 views

CVE-2026-3567

The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 4.1132. The plugin exposes two AJAX handlers that, when combined, allow any authenticated user to modify admin-level plugin settings. First, the...

5.3CVSS5.9AI score0.00236EPSS
Exploits0References7
cve
cve
added 2026/03/20 3:37 a.m.8 views

CVE-2026-4038

The CVE concerns the Aimogen Pro plugin for WordPress, where a missing capability check in the aiomatic_call_ai_function_realtime function allows an unauthenticated attacker to perform Arbitrary Function Calls. Affected versions are all up to and including 2.7.5. The exploitation enables calling ...

9.8CVSS5.9AI score0.003EPSS
Exploits0References2
snyk
snyk
added 2026/03/18 12:31 p.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to missing capability checks in the clonebulkactionhandler and republishrequest functions. An attacker can duplicate or overwrite posts, including those they should not have access to, by sending crafted reques...

5.4CVSS5.8AI score0.00171EPSS
Exploits0References2
nvd
nvd
added 2026/03/18 4:17 a.m.4 views

CVE-2026-1926

The Subscriptions for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpssfwadmincancelsusbcription function in all versions up to, and including, 1.9.2. This is due to the function being hooked to the init action withou...

5.3CVSS0.00307EPSS
Exploits0References6
cnnvd
cnnvd
added 2026/03/18 12:0 a.m.10 views

WordPress plugin Post SMTP 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.0022EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/03/18 12:0 a.m.10 views

PT-2026-26040

The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clone bulk action handler and republish request functions in all versions up to, and including, 4.5. This makes it possible for authenticated attackers, with...

5.4CVSS5.7AI score0.00171EPSS
Exploits0References7
nvd
nvd
added 2026/03/12 3:15 a.m.7 views

CVE-2026-3226

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering due to missing capability checks on all 10 functions in the SendEmailAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catchlpajax dispatcher verifies a...

4.3CVSS0.002EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/03/12 2:22 a.m.5 views

CVE-2026-3226 LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Notification Triggering

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering due to missing capability checks on all 10 functions in the SendEmailAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catchlpajax dispatcher verifies a...

4.3CVSS5.9AI score0.002EPSS
Exploits0References5
euvd
euvd
added 2026/03/12 2:22 a.m.7 views

EUVD-2026-11509

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering due to missing capability checks on all 10 functions in the SendEmailAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catchlpajax dispatcher verifies a...

4.3CVSS5.9AI score0.002EPSS
Exploits0References5
Rows per page
Query Builder