Lucene search
K

353 matches found

NVD
NVD
added 3 days ago6 views

CVE-2026-12955

The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on the gdprcookieconsentajaxsaveschedulescan function the wpajaxgccsaveschedulescan AJAX action in versions up to, and including, 4.3.6...

4.3CVSS0.00196EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago10 views

EUVD-2026-42558

The Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateShippingMethod function registered to the wpajaxlpcorderaffect AJAX action in versions up to, and including, 2.9.0...

4.3CVSS6AI score0.00196EPSS
Exploits0References5
CVE
CVE
added 5 days ago22 views

CVE-2026-14158

The Widget Logic Visual plugin for WordPress is affected by a Remote Code Execution vulnerability in all versions up to 1.52. The issue arises in the widget_logic_visual_check_visibility flow and the widget-logic-update-conditional-tags AJAX action due to missing capability check and nonce verifi...

8.8CVSS6.3AI score0.00516EPSS
Exploits0References4
CVE
CVE
added 2026/06/30 6:0 a.m.13 views

CVE-2026-11581

The CVE-2026-11581 entry concerns the Kali Forms — Contact Form & Drag-and-Drop Builder for WordPress, vulnerable before version 2.4.13. The form captions (columns on the form-entries admin screen) are not sanitized, allowing stored XSS where a user with Contributor-level access (or higher) can i...

5.9CVSS5.8AI score0.0014EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 7:16 a.m.13 views

CVE-2026-8617

The SearchPlus plugin for WordPress is vulnerable to unauthorized modification and deletion of data in versions up to, and including, 1.7.1. This is due to a missing capability check and missing nonce validation on the searchplussavetokenactioncallback and searchplusresettokenactioncallback...

5.3CVSS0.00228EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/24 5:33 a.m.7 views

EUVD-2026-38676

The MP Customize Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF in all versions up to and including 1.0. This is due to a completely broken nonce validation in the entermpclploginoptions function, which contains an inverted check if wpverifynonce... return false;...

4.3CVSS5.8AI score0.00176EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/24 5:33 a.m.9 views

EUVD-2026-38673

The 24liveblog - live blog tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatelb24token AJAX function in versions up to, and including, 2.2. The handler only verifies the 'lb24' nonce which is generated and localized to any...

4.3CVSS5.9AI score0.00215EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/24 5:33 a.m.8 views

EUVD-2026-38668

The Assistio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on the assistioplugindeleteassistiosettings function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers,...

4.3CVSS5.9AI score0.00238EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.10 views

CVE-2026-1930

The Emailchef plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pageoptionsajaxdisconnect function in all versions up to, and including, 3.5.1. This makes it possible for authenticated attackers, with Subscriber-level access and above...

4.3CVSS5.5AI score0.00261EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.15 views

PT-2026-44796

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the update site editor homepage function in all versions up to, and including, 1.0.271. This makes it possible for unauthenticated attackers to...

5.3CVSS5.8AI score0.00411EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/28 12:30 a.m.14 views

EUVD-2026-32678

The Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 3.4.7. This makes it possible for authenticated...

4.3CVSS5.9AI score0.00275EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.12 views

PT-2026-43545

The Enable jQuery Migrate Helper plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the downgrade jquery version function in all versions up to, and including, 1.4.1. This is due to the function only verifying a nonce without checking user...

6.5CVSS5.8AI score0.00277EPSS
Exploits0References7
NVD
NVD
added 2026/05/23 5:16 a.m.14 views

CVE-2026-6897

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\TeamAccounts::savesettings' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

8.8CVSS0.00244EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/23 4:27 a.m.19 views

CVE-2026-6898 WishList Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Generate API Secret Key via 'wlm3_generate_api_key' AJAX action

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember3Hooks::generateapikey' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

8.8CVSS0.00244EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/23 12:0 a.m.14 views

PT-2026-42866

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember3 Hooks::generate api key' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

8.8CVSS5.8AI score0.00244EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/21 7:29 p.m.6 views

CVE-2026-4843

The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the processajaxrestoreaction function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.8AI score0.00192EPSS
Exploits0References3
NVD
NVD
added 2026/05/18 7:16 a.m.21 views

CVE-2026-1631

The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...

5.4CVSS0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/18 6:0 a.m.48 views

CVE-2026-1631 Feeds for YouTube < 2.6.4 - Subscriber+ License Data Deletion

The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...

0.00231EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 1:1 p.m.9 views

CVE-2026-2515

The Hostinger Reach – AI-Powered Email Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handleajaxaction' function in all versions up to, and including, 1.3.8. This makes it possible for authenticated...

5.3CVSS0.00378EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/13 8:26 a.m.7 views

CVE-2026-2515 Hostinger Reach <= 1.3.8 - Missing Authorization to Authenticated (Subscriber+) Integration API Key Update

The Hostinger Reach – AI-Powered Email Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handleajaxaction' function in all versions up to, and including, 1.3.8. This makes it possible for authenticated...

5.3CVSS5.7AI score0.00378EPSS
Exploits0References4
Rows per page
Query Builder