65 matches found

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2025-12491

Malicious code in bioql PyPI...

8.8 CVSS, 9 AI score, 0.00387 EPSS
Exploits 0, References 5

CNVD
added 2025/09/12 12:0 a.m., 4 views

WordPress NitroPack plugin unauthorized modification vulnerability

WordPress NitroPack plugin is a speed optimization plugin that is mainly used to improve the loading speed of your website. WordPress NitroPack plugin has an unauthorized modification vulnerability that stems from a lack of capability check in the function nitropacksetcompressionajax, which can b...

4.3 CVSS, 6.7 AI score, 0.00226 EPSS
Exploits 0, References 1

Cvelist
added 2025/08/26 7:6 a.m., 9 views

CVE-2024-8860 Tourfic <= 2.14.5 - Missing Authorization in Multiple Functions

The Tourfic plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tforderstatusemailresendfunction, tfvisitordetailseditfunction, tfcheckinoutdetailseditfunction, tforderstatuseditfunction, tforderbulkactioneditfunction,...

4.3 CVSS, 0.0023 EPSS
Exploits 0, References 2

RedhatCVE
added 2025/06/19 12:5 p.m., 8 views

CVE-2025-3880

The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on several functions in all versions up to, and including, 19.9.0. This makes it possible for authenticated attackers, with...

4.3 CVSS, 4.2 AI score, 0.00235 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/23 9:41 a.m., 11 views

CVE-2024-1091

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reinitialize function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level...

4.3 CVSS, 6.4 AI score, 0.00347 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/23 8:18 a.m., 8 views

CVE-2024-10216

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'addsidebar' and 'removesidebar' functions in all versions up to, and including, 2.9.11. This makes it possible for authenticate...

4.3 CVSS, 6.5 AI score, 0.00429 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/23 8:11 a.m., 7 views

CVE-2024-12781

The Aurum - WordPress & WooCommerce Shopping Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'lab1cldemoinstallpackagecontent' function in all versions up to, and including, 4.0.2. This makes it possible for authenticated...

4.3 CVSS, 6.5 AI score, 0.00317 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/23 8:0 a.m., 20 views

CVE-2024-6754

The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘wpwautoposterupdatetweettemplate’ function in all versions up to, and including, 5.3.14. This makes it possible for authenticated attackers, with Subscriber-level...

5.4 CVSS, 6.2 AI score, 0.00264 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/23 4:39 a.m., 7 views

CVE-2023-26282

IBM Watson CP4D Data Stores 4.6.0 through 4.6.3 could allow a user with physical access and specific knowledge of the system to modify files or data on the system. IBM X-Force ID: 248415...

4.2 CVSS, 6.1 AI score, 0.0024 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/23 4:31 a.m., 7 views

CVE-2023-5411

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2savepost function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

4.3 CVSS, 6.4 AI score, 0.00395 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/23 4:26 a.m., 6 views

CVE-2023-4947

The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...

4.3 CVSS, 6.4 AI score, 0.00357 EPSS
Exploits 0, References 1

Cvelist
added 2025/05/22 4:14 p.m., 24 views

CVE-2025-33136 IBM Aspera Faspex data modification

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data...

7.1 CVSS, 0.00287 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/22 12:49 p.m., 9 views

CVE-2018-1999032

A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint...

6.5 CVSS, 6.5 AI score, 0.01019 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/22 9:15 a.m., 18 views

CVE-2019-1003017

A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration...

5.3 CVSS, 6.5 AI score, 0.00524 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/22 7:53 a.m., 10 views

CVE-2018-1999037

A data modification vulnerability exists in Jenkins Resource Disposer Plugin 0.11 and earlier in AsyncResourceDisposer.java that allows attackers to stop tracking a resource...

4.3 CVSS, 6.6 AI score, 0.00761 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/04/10 9:47 a.m., 11 views

CVE-2025-3437

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in the ajaxactions.php file in all versions up to, and including, 1.4.66. This makes it possible for authenticate...

4.3 CVSS, 6.8 AI score, 0.00273 EPSS
Exploits 0, References 1

NVD
added 2025/03/07 7:15 a.m., 9 views

CVE-2024-13655

The Flex Mag - Responsive WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanelofajaxcallback function in all versions up to, and including, 3.5.2. This makes it possible f...

8.1 CVSS, 0.00312 EPSS
Exploits 0, References 2

RedhatCVE
added 2025/02/14 4:34 a.m., 8 views

CVE-2024-12164

The WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsslwpresetsettings function in all versions up to, and including, 1.6. This makes it possible for authenticated...

4.3 CVSS, 9 AI score, 0.00389 EPSS
Exploits 0, References 1

CNNVD
added 2025/02/01 12:0 a.m., 7 views

WordPress plugin AnimateGL Animations for WordPress security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

5.3 CVSS, 8.6 AI score, 0.00295 EPSS
Exploits 0, References 2

CNNVD
added 2025/01/21 12:0 a.m., 6 views

Oracle JD Edwards Products security vulnerability

Oracle JD Edwards Products is a fully integrated suite of Enterprise Resource Planning (ERP) applications from Oracle Corporation USA. The products provide application modules for financial management, project management, and asset lifecycle management. A security vulnerability exists in Oracle JD...

6.1 CVSS, 8.5 AI score, 0.00369 EPSS
Exploits 0, References 2