Lucene search
K

285 matches found

Cvelist
Cvelist
added 6 hours ago4 views

CVE-2025-69134 WordPress OpenAI Chatbot for WordPress – Helper plugin <= 1.1.4 - Arbitrary Content Deletion vulnerability

Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot for WordPress – Helper = 1.1.4 versions...

7.5CVSS
Exploits0References1
CVE
CVE
added 6 hours ago8 views

CVE-2025-69134

CVE-2025-69134: WordPress OpenAI Chatbot for WordPress – Helper plugin

7.5CVSS5.8AI score
Exploits0References1
Patchstack
Patchstack
added 3 days ago5 views

WordPress OpenAI Chatbot for WordPress – Helper plugin <= 1.1.4 - Arbitrary Content Deletion vulnerability

Arbitrary Content Deletion vulnerability discovered by Denver Jackson in WordPress Plugin OpenAI Chatbot for WordPress – Helper versions = 1.1.4...

7.5CVSS5.8AI score
Exploits0Affected Software1
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-39433

Subscriber Arbitrary Content Deletion in WPAMS 49.5.3 versions...

6.5CVSS0.00352EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:19 p.m.8 views

CVE-2025-69103

Subscriber Arbitrary Content Deletion in Brikk = 3.0.0 versions...

7.5CVSS0.00407EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.21 views

CVE-2026-39433 WordPress WPAMS plugin < 49.5.3 - Arbitrary Content Deletion vulnerability

Subscriber Arbitrary Content Deletion in WPAMS 49.5.3 versions...

6.5CVSS0.00352EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:57 p.m.8 views

CVE-2026-39433

The CVE-2026-39433 entry concerns the WordPress WPAMS plugin (Apartment Management) with versions

6.5CVSS5.2AI score0.00352EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-50080

Subscriber Arbitrary Content Deletion in Brikk = 3.0.0 versions...

7.5CVSS5.2AI score0.00407EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.8 views

PT-2026-50092

Subscriber Arbitrary Content Deletion in WPAMS 49.5.3 versions...

6.5CVSS5.2AI score0.00352EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.9 views

CVE-2026-6512

The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete...

9.1CVSS5.6AI score0.00264EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/26 5:43 a.m.9 views

WordPress Brikk theme <= 3.0.0 - Arbitrary Content Deletion vulnerability

Arbitrary Content Deletion vulnerability discovered by Denver Jackson in WordPress Theme Brikk versions = 3.0.0...

5.8AI score0.00407EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/14 8:24 a.m.7 views

CVE-2026-6512

The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete...

9.1CVSS5.9AI score0.00264EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

WordPress plugin InfusedWoo Pro 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.1CVSS5.8AI score0.00264EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 5:29 a.m.36 views

CVE-2026-6965 Tutor LMS <= 3.9.9 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Post Deletion via 'course' GET Parameter

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the getcourseidby function unconditionally trusting the user-supplied course GET parameter as the authoritative course ...

5.3CVSS0.00304EPSS
Exploits0References53
Vulnrichment
Vulnrichment
added 2026/05/13 5:29 a.m.9 views

CVE-2026-6965 Tutor LMS <= 3.9.9 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Post Deletion via 'course' GET Parameter

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the getcourseidby function unconditionally trusting the user-supplied course GET parameter as the authoritative course ...

5.3CVSS5.7AI score0.00304EPSS
Exploits0References53
RedhatCVE
RedhatCVE
added 2026/05/07 8:21 p.m.8 views

CVE-2026-40309

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cTrash.empty function does not validate anti-CSRF tokens for trash management requests. An attacker can induce a logged-in administrator to submit a forged request that empties the trash and permanent...

7.2CVSS5.7AI score0.00165EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/06 7:42 p.m.8 views

EUVD-2026-28156

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cTrash.empty function does not validate anti-CSRF tokens for trash management requests. An attacker can induce a logged-in administrator to submit a forged request that empties the trash and permanent...

7.2CVSS5.7AI score0.00165EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.10 views

PT-2026-38227

Name of the Vulnerable Software and Affected Versions Masa CMS versions prior to 7.2.10 Masa CMS versions prior to 7.3.15 Masa CMS versions prior to 7.4.10 Masa CMS versions prior to 7.5.3 Description The cTrash.empty function fails to validate anti-CSRF Cross-Site Request Forgery tokens for tras...

7.2CVSS5.8AI score0.00165EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/22 9:25 p.m.6 views

CVE-2026-41175

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.20 and 6.13.0, manipulating query parameters on Control Panel and REST API endpoints, or arguments in GraphQL queries, could result in the loss of content, assets, and user accounts. The Control Panel...

8.1CVSS5.7AI score0.00304EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/22 9:25 p.m.7 views

CVE-2026-41175 Statamic: Unsafe method invocation via query value resolution allows data destruction

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.20 and 6.13.0, manipulating query parameters on Control Panel and REST API endpoints, or arguments in GraphQL queries, could result in the loss of content, assets, and user accounts. The Control Panel...

8.1CVSS5.7AI score0.00304EPSS
Exploits0References1
Rows per page
Query Builder