Lucene search
K

26 matches found

EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43146

The ThriveDesk – Live Chat, AI Chatbot, Helpdesk & Knowledge Base plugin for WordPress is vulnerable to unauthorized cache deletion due to a missing capability check on the 'thrivedeskclearcache' AJAX action in all versions up to, and including, 2.1.7. This makes it possible for authenticated...

4.3CVSS6.1AI score0.00204EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-1832 ThriveDesk <= 2.1.7 - Missing Authorization to Authenticated (Subscriber+) Cache Deletion

The ThriveDesk – Live Chat, AI Chatbot, Helpdesk & Knowledge Base plugin for WordPress is vulnerable to unauthorized cache deletion due to a missing capability check on the 'thrivedeskclearcache' AJAX action in all versions up to, and including, 2.1.7. This makes it possible for authenticated...

4.3CVSS0.00204EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.9 views

CVE-2026-4117

The CalJ plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5. This is due to a missing capability check in the CalJSettingsPage class constructor, which processes the 'save-obtained-key' operation directly from POST data without verifying that the...

5.3CVSS5.5AI score0.00364EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Webcraftic Clearfy plugin <= 2.3.1 - Cross-Site Request Forgery to Clear Cache vulnerability

Cross-Site Request Forgery to Clear Cache vulnerability discovered by Whit Taylor in WordPress Plugin Clearfy Cache versions = 2.3.1...

5.3CVSS8.3AI score0.00141EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/06 11:56 a.m.8 views

CVE-2025-13620

The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to missing authorization in versions up to, and including, 3.1.3. This is due to the REST routes wslu/v1/checkcache/type, wslu/v1/savecache/type, and wslu/v1/settings/clearcountercache being registered with...

5.3CVSS5.8AI score0.00341EPSS
Exploits0References1
GitLab Advisory Database
GitLab Advisory Database
added 2025/11/25 12:0 a.m.7 views

@actbase/native contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

7.1AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/11/25 12:0 a.m.8 views

02-echo contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

7.1AI score
Exploits0References3Affected Software1
EUVD
EUVD
added 2025/11/08 6:30 a.m.6 views

EUVD-2025-38361

The Download Manager plugin for WordPress is vulnerable to unauthorized access due to a hardcoded Cron key used in the deleteExpired and clearTempDataCPCron functions in all versions up to, and including, 3.3.30. This makes it possible for unauthenticated attackers to trigger these cron jobs...

5.3CVSS5.6AI score0.00219EPSS
Exploits0References3
NVD
NVD
added 2025/11/08 4:15 a.m.6 views

CVE-2025-12177

The Download Manager plugin for WordPress is vulnerable to unauthorized access due to a hardcoded Cron key used in the deleteExpired and clearTempDataCPCron functions in all versions up to, and including, 3.3.30. This makes it possible for unauthenticated attackers to trigger these cron jobs...

5.3CVSS0.00219EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/08 3:27 a.m.4 views

CVE-2025-12177 Download Manager <= 3.3.30 - Unauthenticated Cron Trigger due to Hardcoded Cron Key

The Download Manager plugin for WordPress is vulnerable to unauthorized access due to a hardcoded Cron key used in the deleteExpired and clearTempDataCPCron functions in all versions up to, and including, 3.3.30. This makes it possible for unauthenticated attackers to trigger these cron jobs...

5.3CVSS5.6AI score0.00219EPSS
Exploits0References2
CVE
CVE
added 2025/11/08 3:27 a.m.16 views

CVE-2025-12177

CVE-2025-12177 affects the WordPress Download Manager plugin (versions ≤ 3.3.30). The root cause is a hardcoded Cron key that enables unauthenticated triggering of deleteExpired() and clearTempDataCPCron(). This can lead to deletion of expired posts and clearing of cache. The vulnerability is con...

5.3CVSS5.7AI score0.00219EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/08 12:0 a.m.3 views

WordPress plugin Download Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.3CVSS6.5AI score0.00219EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/08 12:0 a.m.8 views

PT-2025-45551

Name of the Vulnerable Software and Affected Versions WordPress Download Manager plugin versions prior to 3.3.31 Description The WordPress Download Manager plugin contains a flaw due to a hardcoded Cron key used in the deleteExpired and clearTempDataCPCron functions. This allows unauthenticated...

5.3CVSS6.8AI score0.00219EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 2:32 a.m.5 views

CVE-2023-1930

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the wpfcclearcacheofallsitescallback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to dele...

4.3CVSS5.1AI score0.00389EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/03/19 7:38 p.m.6 views

WordPress Custom Twitter Feeds plugin <= 2.2.5 - Cross-Site Request Forgery to Cache Reset via ctf_clear_cache_admin Function vulnerability

Cross-Site Request Forgery to Cache Reset via ctfclearcacheadmin Function vulnerability discovered by Kévin Mosbahi Mika in WordPress Plugin Custom Twitter Feeds Tweets Widget versions = 2.2.5...

4.3CVSS8.7AI score0.00193EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/02/17 10:14 p.m.4 views

WordPress SpeedSize Image & Video AI-Optimizer plugin <= 1.5.1 - Cross-Site Request Forgery to Clear Cache vulnerability

Cross-Site Request Forgery to Clear Cache vulnerability discovered by Dhabaleshwar Das in WordPress Plugin SpeedSize Image & Video AI-Optimizer versions = 1.5.1...

4.3CVSS7AI score0.00154EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/04/05 2:15 p.m.2 views

CVE-2023-1868

The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when clearing the plugin cache via the yrcclearcache GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to clear the plugin's...

6.5CVSS6.7AI score0.00615EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/04/05 12:0 a.m.13 views

WordPress plugin YourChannel 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

6.5CVSS6.8AI score0.00615EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/01/23 5:15 p.m.2 views

CVE-2023-0447

The My YouTube Channel plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the clearallcache function in versions up to, and including, 3.0.12.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to clear t...

4.3CVSS5.9AI score0.00591EPSS
Exploits0References4
OSV
OSV
added 2020/09/01 6:59 p.m.26 views

GHSA-XFMW-2VMM-579C Nodesass is malware

The nodesass package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security concer...

7.5CVSS7.6AI score0.01123EPSS
Exploits0References2
Rows per page
Query Builder