Lucene search
K

97 matches found

CVE
CVE
added 4 days ago5 views

CVE-2026-6802

The CVE-2026-6802 entry concerns the WordPress plugin Easy Upload Files During Checkout, affected up to version 3.0.1. The vulnerability stems from missing authorization checks in the ufdc_custom_init() function, which processes the eufdc-delete parameter without nonce verification, capability ch...

5.3CVSS6.2AI score0.00243EPSS
Exploits0References8
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-6802 Easy Upload Files During Checkout <= 3.0.1 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion via 'eufdc-delete' Parameter

The Easy Upload Files During Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.0.1. This is due to missing authorization checks in the ufdccustominit function, which processes the 'eufdc-delete' parameter without any nonce verification,...

5.3CVSS0.00243EPSS
Exploits0References8
NVD
NVD
added 2026/07/05 4:19 p.m.10 views

CVE-2026-14762

A vulnerability was detected in code-projects Hotel and Tourism Reservation 1.0. The impacted element is an unknown function of the file /admin/rooms.php of the component Room Management Page. The manipulation of the argument delete results in sql injection. It is possible to launch the attack...

7.5CVSS0.00269EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/07/05 4:0 p.m.9 views

CVE-2026-14762

A vulnerability was detected in code-projects Hotel and Tourism Reservation 1.0. The impacted element is an unknown function of the file /admin/rooms.php of the component Room Management Page. The manipulation of the argument delete results in sql injection. It is possible to launch the attack...

7.5CVSS6.8AI score0.00269EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2026/07/05 2:15 p.m.11 views

CVE-2026-14755

The CVE concerns code-projects Hotel and Tourism Reservation 1.0. The vulnerability exists in the Reservations Management Page (/admin/reservations.php), where manipulating the delete parameter causes SQL injection. Likely exploitable remotely with no authentication required, as indicated by CVSS...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.11 views

PT-2026-55812

Name of the Vulnerable Software and Affected Versions code-projects Hotel and Tourism Reservation version 1.0 Description An issue exists in the Room Management Page component within the file /admin/rooms.php. A remote attacker can perform a SQL injection—a technique used to manipulate a database...

7.5CVSS7.2AI score0.00269EPSS
Exploits1References9
Cvelist
Cvelist
added 2026/05/25 9:0 a.m.39 views

CVE-2026-9444 SourceCodester Simple POS and Inventory System GET Parameter deleteproduct.php delete sql injection

A vulnerability was detected in SourceCodester Simple POS and Inventory System 1.0. This issue affects the function delete of the file /admin/deleteproduct.php of the component GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack may be launched remotely...

5.8CVSS0.00258EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/22 4:29 a.m.43 views

CVE-2026-4070 Alfie <= 1.2.1 - Cross-Site Request Forgery to Feed Deletion via 'delete' Parameter

The Alfie – Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfiemanage function which handles feed deletion via the 'delete' GET parameter. This makes it possible for...

4.3CVSS0.00164EPSS
Exploits0References5
CVE
CVE
added 2026/05/22 4:29 a.m.22 views

CVE-2026-4070

The CVE-2026-4070 entry concerns the Alfie – Feed Plugin for WordPress (versions up to 1.2.1). It is a Cross-Site Request Forgery (CSRF) vulnerability caused by missing nonce validation in the alfie_manage() function, which handles feed deletion via the GET parameter ‘delete’. This allows an unau...

4.3CVSS5.9AI score0.00164EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/22 4:29 a.m.9 views

CVE-2026-4070 Alfie <= 1.2.1 - Cross-Site Request Forgery to Feed Deletion via 'delete' Parameter

The Alfie – Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfiemanage function which handles feed deletion via the 'delete' GET parameter. This makes it possible for...

4.3CVSS5.9AI score0.00164EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.13 views

PT-2026-42724

Name of the Vulnerable Software and Affected Versions Alfie – Feed Plugin for WordPress versions prior to 1.2.2 Description Cross-Site Request Forgery occurs due to missing nonce validation in the alfie manage function, which handles feed deletion through the 'delete' GET parameter. This allows...

4.3CVSS5.8AI score0.00164EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.9 views

Hotel Management System SQL注入漏洞

Hotel Management System is a MIS project developed by Prem Chand Saini in India, based on a hotel management system. The Hotel Management System bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15 and previous versions have a SQL injection vulnerability. This vulnerability arises from improper handling of t...

7.5CVSS7.2AI score0.00259EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/10 5:44 p.m.2 views

CVE-2026-32894

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the gradebook result view page allows any authenticated teacher to delete any student's grade result across the entire platform by manipulating the deletemark or...

7.1CVSS5.8AI score0.0028EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.6 views

PT-2026-32003

Name of the Vulnerable Software and Affected Versions Chamilo LMS versions prior to 1.11.38 Chamilo LMS versions prior to 2.0.0-RC.3 Description Chamilo LMS contains an Insecure Direct Object Reference IDOR issue in the gradebook result view page. An authenticated teacher can delete any student's...

7.1CVSS5.8AI score0.0028EPSS
Exploits1References6
NVD
NVD
added 2026/04/08 10:16 p.m.4 views

CVE-2026-5810

A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /delete.php of the component GET Parameter Handler. This manipulation of the argument ID causes cross site scripting. Remote exploitation of the attack is possible. The exploit has...

5.1CVSS0.0024EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/08 10:0 p.m.2 views

CVE-2026-5810

A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /delete.php of the component GET Parameter Handler. This manipulation of the argument ID causes cross site scripting. Remote exploitation of the attack is possible. The exploit has...

5.1CVSS4.7AI score0.0024EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/04/08 10:0 p.m.26 views

CVE-2026-5810 SourceCodester Sales and Inventory System GET Parameter delete.php cross site scripting

A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /delete.php of the component GET Parameter Handler. This manipulation of the argument ID causes cross site scripting. Remote exploitation of the attack is possible. The exploit has...

5.1CVSS0.0024EPSS
Exploits0References5
NVD
NVD
added 2026/04/03 8:16 a.m.7 views

CVE-2026-4350

The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due to the PMCS::actionhandler method processing the $GET'delete' parameter without any sanitization, authorization check, or nonce verification...

8.1CVSS0.00658EPSS
Exploits1References2
CVE
CVE
added 2026/04/03 7:41 a.m.55 views

CVE-2026-4350

CVE-2026-4350 – Perfmatters WordPress plugin : The vulnerability affects versions up to 2.5.9.1. The PMCS::action_handler() mishandles the $_GET['delete'] parameter without sanitization, authorization, or nonce verification, allowing path traversal via ../ and triggering arbitrary file deletion (...

8.1CVSS6AI score0.00658EPSS
Exploits1References2
Patchstack
Patchstack
added 2026/04/03 6:57 a.m.5 views

WordPress Perfmatters plugin <= 2.5.9.1 - Authenticated (Subscriber+) Arbitrary File Deletion via 'delete' Parameter vulnerability

Authenticated Subscriber+ Arbitrary File Deletion via 'delete' Parameter vulnerability discovered by hoshino in WordPress Plugin Perfmatters versions = 2.5.9.1...

8.1CVSS5.9AI score0.00658EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder