Lucene search
K

474 matches found

CVE
CVE
added 2025/12/04 6:48 a.m.16 views

CVE-2025-12826

The CVE-2025-12826 entry describes a vulnerability in the WordPress plugin Custom Post Type UI (versions

4.8CVSS5.3AI score0.00295EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/04 6:48 a.m.24 views

CVE-2025-12826 Custom Post Type UI <= 1.18.0 - Missing Authorization to Unauthenticated (Previously Administrator+) Custom Post Type Modification

The Custom Post Type UI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.18.0. This is due to the plugin not verifying that a user has the required capability to perform actions in the "cptuiprocessposttype" function. This makes it possible for...

4.8CVSS0.00295EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/04 6:48 a.m.6 views

CVE-2025-12826 Custom Post Type UI <= 1.18.0 - Missing Authorization to Unauthenticated (Previously Administrator+) Custom Post Type Modification

The Custom Post Type UI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.18.0. This is due to the plugin not verifying that a user has the required capability to perform actions in the "cptuiprocessposttype" function. This makes it possible for...

4.8CVSS5.3AI score0.00295EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/12/04 12:5 a.m.5 views

WordPress Custom Post Type UI plugin <= 1.18.0 - Missing Authorization to Unauthenticated (Previously Administrator+) Custom Post Type Modification vulnerability

Missing Authorization to Unauthenticated Previously Administrator+ Custom Post Type Modification vulnerability discovered by mahdi salhi CaptinSharky01 - CaptinSharku in WordPress Plugin Custom Post Type UI versions = 1.18.0...

4.8CVSS6.7AI score0.00295EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/12/04 12:0 a.m.11 views

WordPress plugin Custom Post Type UI 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

4.8CVSS6.3AI score0.00295EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/04 12:0 a.m.4 views

PT-2025-49007

The Custom Post Type UI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.18.0. This is due to the plugin not verifying that a user has the required capability to perform actions in the "cptui process post type" function. This makes it possible for...

4.8CVSS5.6AI score0.00295EPSS
Exploits0References3
CNVD
CNVD
added 2025/11/25 12:0 a.m.1 views

WordPress Custom Post Type plugin Cross-Site Request Forgery Vulnerability

WordPress Custom Post Type plugin is a collective term for a class of plugins that are designed to help users easily create and manage custom post types through a graphical interface. A cross-site request forgery vulnerability exists in the WordPress Custom Post Type plugin, which arises from a w...

4.3CVSS6.8AI score0.00108EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/22 8:35 a.m.5 views

CVE-2025-13142

The Custom Post Type plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the custom post type deletion functionality. This makes it possible for unauthenticated attackers to delete custom post types...

4.3CVSS5.4AI score0.00108EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/21 9:30 a.m.4 views

EUVD-2025-198391

The Custom Post Type plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the custom post type deletion functionality. This makes it possible for unauthenticated attackers to delete custom post types...

4.3CVSS4.9AI score0.00108EPSS
Exploits0References3
NVD
NVD
added 2025/11/21 8:15 a.m.6 views

CVE-2025-13142

The Custom Post Type plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the custom post type deletion functionality. This makes it possible for unauthenticated attackers to delete custom post types...

4.3CVSS0.00108EPSS
Exploits0References2
CVE
CVE
added 2025/11/21 7:31 a.m.10 views

CVE-2025-13142

CVE-2025-13142 affects the WordPress plugin Custom Post Type. The vulnerability is a Cross-Site Request Forgery (CSRF) on the custom post type deletion functionality, arising from missing nonce validation. This allows unauthenticated attackers to trigger deletions by tricking a site administrator...

4.3CVSS5AI score0.00108EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/21 7:31 a.m.4 views

CVE-2025-13142 Custom Post Type <= 1.0 - Cross-Site Request Forgery to Custom Post Type Deletion

The Custom Post Type plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the custom post type deletion functionality. This makes it possible for unauthenticated attackers to delete custom post types...

4.3CVSS5AI score0.00108EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/21 7:31 a.m.8 views

CVE-2025-13142 Custom Post Type <= 1.0 - Cross-Site Request Forgery to Custom Post Type Deletion

The Custom Post Type plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the custom post type deletion functionality. This makes it possible for unauthenticated attackers to delete custom post types...

4.3CVSS0.00108EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/21 12:0 a.m.6 views

PT-2025-47701

The Custom Post Type plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the custom post type deletion functionality. This makes it possible for unauthenticated attackers to delete custom post types...

4.3CVSS5.4AI score0.00108EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/21 12:0 a.m.3 views

WordPress plugin Custom Post Type 跨站请求伪造漏洞

WordPress Custom Post Type plugin is a collective term for a class of plugins that are designed to help users easily create and manage custom post types through a graphical interface. A cross-site request forgery vulnerability exists in the WordPress Custom Post Type plugin, which arises from a w...

4.3CVSS6.7AI score0.00108EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/11/20 10:45 p.m.6 views

WordPress Custom Post Type plugin <= 1.0 - Cross-Site Request Forgery to Custom Post Type Deletion vulnerability

Cross-Site Request Forgery to Custom Post Type Deletion vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Custom Post Type versions = 1.0...

4.3CVSS7AI score0.00108EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/07 5:33 p.m.5 views

CVE-2025-64224

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Conference Theme Custom Post Type grandconference-custom-post allows Reflected XSS.This issue affects Grand Conference Theme Custom Post Type: from n/a through 2.6.4...

7.1CVSS6.4AI score0.00174EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/06 6:32 p.m.5 views

EUVD-2025-38058

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Conference Theme Custom Post Type grandconference-custom-post allows Reflected XSS.This issue affects Grand Conference Theme Custom Post Type: from n/a through 2.6.4...

7.1CVSS5.9AI score0.00174EPSS
Exploits0References2
NVD
NVD
added 2025/11/06 4:16 p.m.7 views

CVE-2025-64224

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Conference Theme Custom Post Type grandconference-custom-post allows Reflected XSS.This issue affects Grand Conference Theme Custom Post Type: from n/a through 2.6.4...

7.1CVSS0.00174EPSS
Exploits0References1
OSV
OSV
added 2025/11/06 4:16 p.m.5 views

CVE-2025-64224

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Conference Theme Custom Post Type grandconference-custom-post allows Reflected XSS.This issue affects Grand Conference Theme Custom Post Type: from n/a through 2.6.4...

7.1CVSS5.8AI score0.00174EPSS
Exploits0References1
Rows per page
Query Builder