Lucene search
K

515 matches found

EUVD
EUVD
added 2026/03/25 6:31 p.m.4 views

EUVD-2026-15851

Missing Authorization vulnerability in wp-configurator WP Configurator Pro wp-configurator-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Configurator Pro: from n/a through = 3.7.9...

5.8AI score0.00219EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 5:17 p.m.6 views

CVE-2026-32501

Missing Authorization vulnerability in wp-configurator WP Configurator Pro wp-configurator-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Configurator Pro: from n/a through = 3.7.9...

7.1CVSS0.00219EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:15 p.m.9 views

CVE-2026-32501

CVE-2026-32501 concerns the WordPress WP Configurator Pro plugin (versions up to and including 3.7.9) and describes a Missing Authorization / Broken Access Control vulnerability caused by incorrectly configured access control security levels. The affected component is the WP Configurator Pro plug...

7.1CVSS5.8AI score0.00219EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:15 p.m.25 views

CVE-2026-32501 WordPress WP Configurator Pro plugin <= 3.7.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in wp-configurator WP Configurator Pro wp-configurator-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Configurator Pro: from n/a through = 3.7.9...

7.1CVSS0.00219EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/25 4:15 p.m.2 views

CVE-2026-32501

Missing Authorization vulnerability in wp-configurator WP Configurator Pro wp-configurator-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Configurator Pro: from n/a through = 3.7.9...

5.8AI score0.00219EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/25 4:15 p.m.1 views

CVE-2026-32501 WordPress WP Configurator Pro plugin <= 3.7.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in wp-configurator WP Configurator Pro wp-configurator-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Configurator Pro: from n/a through = 3.7.9...

7.1CVSS5.8AI score0.00219EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.5 views

PT-2026-28015

Missing Authorization vulnerability in wp-configurator WP Configurator Pro wp-configurator-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Configurator Pro: from n/a through = 3.7.9...

5.8AI score0.00219EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.8 views

WordPress plugin WP Configurator Pro 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

7.1CVSS5.8AI score0.00219EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/23 1:13 p.m.4 views

WordPress WP Configurator Pro plugin <= 3.7.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO in WordPress Plugin WP Configurator Pro versions = 3.7.9...

7.1CVSS5.8AI score0.00219EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/03/19 11:16 p.m.8 views

CVE-2026-29104

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, SuiteCRM contains an authenticated arbitrary file upload vulnerability in the Configurator module. An authenticated administrator can bypass intended file ty...

2.7CVSS0.0023EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/19 10:55 p.m.5 views

CVE-2026-29104

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, SuiteCRM contains an authenticated arbitrary file upload vulnerability in the Configurator module. An authenticated administrator can bypass intended file ty...

2.7CVSS5.7AI score0.0023EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/19 10:55 p.m.22 views

CVE-2026-29104 SuiteCRM Vulnerable to Authenticated Arbitrary File Upload via Configurator addfontresult View in SuiteCRM

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, SuiteCRM contains an authenticated arbitrary file upload vulnerability in the Configurator module. An authenticated administrator can bypass intended file ty...

2.7CVSS0.0023EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/19 10:55 p.m.3 views

CVE-2026-29104 SuiteCRM Vulnerable to Authenticated Arbitrary File Upload via Configurator addfontresult View in SuiteCRM

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, SuiteCRM contains an authenticated arbitrary file upload vulnerability in the Configurator module. An authenticated administrator can bypass intended file ty...

2.7CVSS5.7AI score0.0023EPSS
Exploits0References2
CVE
CVE
added 2026/03/19 10:55 p.m.16 views

CVE-2026-29104

SuiteCRM before versions 7.15.1 and 8.9.3 contains an authenticated arbitrary file upload vulnerability in the Configurator module. An authenticated administrator can bypass file-type restrictions when uploading PDF font files, allowing arbitrary files with attacker-controlled filenames to be wri...

2.7CVSS5.7AI score0.0023EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/03/19 10:55 p.m.4 views

EUVD-2026-13365

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, SuiteCRM contains an authenticated arbitrary file upload vulnerability in the Configurator module. An authenticated administrator can bypass intended file ty...

2.7CVSS5.7AI score0.0023EPSS
Exploits0References2
OSV
OSV
added 2026/03/19 10:55 p.m.2 views

CVE-2026-29104 SuiteCRM Vulnerable to Authenticated Arbitrary File Upload via Configurator addfontresult View in SuiteCRM

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, SuiteCRM contains an authenticated arbitrary file upload vulnerability in the Configurator module. An authenticated administrator can bypass intended file ty...

2.7CVSS5.8AI score0.0023EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.10 views

SuiteCRM 代码问题漏洞

SuiteCRM is a customer relationship management system developed by the SuiteCRM team. Versions of SuiteCRM prior to 7.15.1 and 8.9.3 had code vulnerabilities. These vulnerabilities stemmed from the Configurator module allowing authenticated users to upload arbitrary files, potentially bypassing...

2.7CVSS6AI score0.0023EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.11 views

PT-2026-26442

Name of the Vulnerable Software and Affected Versions SuiteCRM versions prior to 7.15.1 SuiteCRM versions prior to 8.9.3 Description SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, it contains an authenticated arbitrary fil...

2.7CVSS5.9AI score0.0023EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/02/11 8:26 a.m.28 views

CVE-2025-15440 iONE360 configurator <= 2.0.57 - Unauthenticated Stored Cross-Site Scripting via Contact Form Parameters

The iONE360 configurator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Form Parameters in all versions up to, and including, 2.0.57 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS0.00377EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/02/11 8:26 a.m.5 views

CVE-2025-15440 iONE360 configurator <= 2.0.57 - Unauthenticated Stored Cross-Site Scripting via Contact Form Parameters

The iONE360 configurator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Form Parameters in all versions up to, and including, 2.0.57 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS5.7AI score0.00377EPSS
Exploits0References9
Rows per page
Query Builder