Lucene search
K

87 matches found

NVD
NVD
added 2026/02/18 8:16 a.m.7 views

CVE-2026-1831

The YayMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized plugin installation and activation due to missing capability checks on the 'yaymailinstallyaysmtp' AJAX action and /yaymail/v1/addons/activate REST endpoint in all versions up to, and including, 4.3.2...

2.7CVSS0.00293EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/18 7:25 a.m.5 views

CVE-2026-1831

The YayMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized plugin installation and activation due to missing capability checks on the 'yaymailinstallyaysmtp' AJAX action and /yaymail/v1/addons/activate REST endpoint in all versions up to, and including, 4.3.2...

2.7CVSS5.5AI score0.00293EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/12 2:25 p.m.2 views

CVE-2026-1104

The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to unauthorized backup creation and download due to a missing capability check on REST API endpoints in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with...

8.8CVSS5.5AI score0.00266EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.10 views

WordPress plugin WCFM 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.2CVSS5.8AI score0.00436EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/08 1:3 p.m.13 views

CVE-2026-0555

The Premmerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premmercewizardactions' AJAX endpoint in all versions up to, and including, 1.3.20. This is due to missing capability checks and insufficient input sanitization and output escaping on the state parameter. Thi...

6.4CVSS5.6AI score0.00244EPSS
Exploits0References1
NVD
NVD
added 2026/01/28 12:15 p.m.5 views

CVE-2025-14386

The Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the 'generatessourl' and 'validatessotoken' functions in versions 2.4.4 to 2.5.12. This makes it...

8.8CVSS0.00372EPSS
Exploits0References4
CVE
CVE
added 2026/01/28 7:27 a.m.14 views

CVE-2026-1054

The CVE-2026-1054 entry corresponds to the RegistrationMagic WordPress plugin and is supported by multiple connected sources (Wordfence, PatchStack, CVE List). The detail across these sources states that versions up to and including 6.0.7.4 are vulnerable due to missing nonce verification and mis...

5.3CVSS6AI score0.00232EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.10 views

PT-2026-5078

The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rm set otp AJAX action handler. This makes it possible for unauthenticated attackers to modify...

5.3CVSS6AI score0.00232EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.7 views

WordPress Plugin Frontend File Manager Plugin Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

7.5CVSS5.8AI score0.00292EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/25 9:16 a.m.11 views

CVE-2025-14941

The GZSEO plugin for WordPress is vulnerable to authorization bypass leading to Stored Cross-Site Scripting in all versions up to, and including, 2.0.11. This is due to missing capability checks on multiple AJAX handlers combined with insufficient input sanitization and output escaping on the...

6.4CVSS5.8AI score0.00266EPSS
Exploits0References1
NVD
NVD
added 2026/01/24 8:16 a.m.6 views

CVE-2025-14941

The GZSEO plugin for WordPress is vulnerable to authorization bypass leading to Stored Cross-Site Scripting in all versions up to, and including, 2.0.11. This is due to missing capability checks on multiple AJAX handlers combined with insufficient input sanitization and output escaping on the...

6.4CVSS0.00266EPSS
Exploits0References3
NVD
NVD
added 2026/01/23 6:16 p.m.7 views

CVE-2025-14947

The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxcallbackcreatebunnystreamvideo, ajaxcallbackgetbunnystreamvideo, and ajaxcallbackdeletebunnystreamvideo functions in all versions up to, and including,...

6.5CVSS0.00369EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.9 views

PT-2026-3571

The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'start migration', 'cancel migration', and 'revert migration' functions in all versions up to, and including, 6.15.13. This makes it possible for authenticated attackers, wit...

5.4CVSS5.5AI score0.00188EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 9:16 a.m.4 views

CVE-2025-14352

The Awesome Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to incorrect authorization in the room-single.php shortcode handler in all versions up to, and including, 1.0.3. This is due to the plugin relying solely on nonce verification without capability...

5.3CVSS6AI score0.00236EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/09 12:0 a.m.7 views

WordPress plugin WP Table Builder – Drag & Drop Table Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

9.1CVSS6.6AI score0.00353EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/06 12:0 a.m.8 views

WordPress plugin MasterStudy LMS WordPress Plugin – for Online Courses and Education 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin...

5.4CVSS6.4AI score0.00146EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/20 12:0 a.m.4 views

WordPress plugin WP JobHunt 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

7.6CVSS6.3AI score0.00189EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.4 views

WordPress plugin WP Social Ninja 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

6.5CVSS6.5AI score0.00217EPSS
Exploits0References5
EUVD
EUVD
added 2025/12/12 6:31 a.m.6 views

EUVD-2025-202985

The Simple Theme Changer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the userthemeadmin, displaymethodadmin, and setchangethemebuttonname actions actions in all versions up to, and including, 1.0. This makes it possible for...

4.3CVSS4.6AI score0.00164EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/12 3:20 a.m.5 views

EUVD-2025-202969

The Product Filtering by Categories, Tags, Price Range for WooCommerce – Filter Plus plugin for WordPress is vulnerable to unauthorized modification of data in all versions up to, and including, 1.1.5 due to a missing capability check on the 'filtersavesettings' and 'addfilteroptions' AJAX action...

5.3CVSS5AI score0.00249EPSS
Exploits0References6
Rows per page
Query Builder