Lucene search
K

286 matches found

Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.16 views

PT-2026-7511

The WPZOOM Addons for Elementor – Starter Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax post grid load more' function in all versions up to, and including, 1.3.2. This makes it possible for unauthenticated...

5.3CVSS5.5AI score0.00325EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/02/05 8:37 p.m.7 views

WordPress Relevanssi Premium plugin < 2.25.0 - Unauthenticated Private/Draft Post Disclosure vulnerability

Unauthenticated Private/Draft Post Disclosure vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin Relevanssi Premium versions 2.25.0...

5.3CVSS5.3AI score0.00616EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2026/02/05 8:36 p.m.7 views

WordPress Relevanssi plugin < 4.22.0 - Unauthenticated Private/Draft Post Disclosure vulnerability

Unauthenticated Private/Draft Post Disclosure vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin Relevanssi versions 4.22.0...

5.3CVSS5.3AI score0.00616EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 1:19 a.m.7 views

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.13 - Unauthenticated Draft Posts Information Exposure vulnerability

Unauthenticated Draft Posts Information Exposure vulnerability discovered by Nguyen C in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.13...

5.3CVSS5.9AI score0.00214EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/01/31 4:35 a.m.29 views

CVE-2025-15525 Ajax Load More – Infinite Scroll, Lazy Load & Load More <= 7.8.1 - Incorrect Authorization to Unauthenticated Private/Draft Post Title and Excerpt Exposure

The Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parsecustomargs function in all versions up to, and including, 7.8.1. This makes it possible for unauthenticated attackers to expose...

5.3CVSS0.00264EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/26 3:12 a.m.18 views

CVE-2025-6461

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...

4.3CVSS5.6AI score0.00196EPSS
Exploits0References1
NVD
NVD
added 2026/01/25 3:15 a.m.7 views

CVE-2025-6461

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...

4.3CVSS0.00196EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/25 2:22 a.m.15 views

EUVD-2026-4642

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...

4.3CVSS5.6AI score0.00196EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/25 2:22 a.m.4 views

CVE-2025-6461 CubeWP – All-in-One Dynamic Content Framework <= 1.1.27 - Unauthenticated Post Disclosure in class-cubewp-search-ajax-hooks.php

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...

4.3CVSS5.9AI score0.00196EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/25 2:22 a.m.32 views

CVE-2025-6461 CubeWP – All-in-One Dynamic Content Framework <= 1.1.27 - Unauthenticated Post Disclosure in class-cubewp-search-ajax-hooks.php

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...

4.3CVSS0.00196EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/25 12:0 a.m.12 views

PT-2026-4645

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...

4.3CVSS5.6AI score0.00196EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/18 8:3 a.m.17 views

CVE-2025-12129

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp-posts/v1/query REST API endpoints due to insufficient restrictions on which posts can be include...

5.3CVSS6.2AI score0.00219EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/17 7:27 a.m.4 views

CVE-2025-12129

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp-posts/v1/query REST API endpoints due to insufficient restrictions on which posts can be include...

5.3CVSS5.5AI score0.00219EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/17 7:27 a.m.24 views

CVE-2025-12129 CubeWP – All-in-One Dynamic Content Framework <= 1.1.27 - Unauthenticated Information Exposure

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp-posts/v1/query REST API endpoints due to insufficient restrictions on which posts can be include...

5.3CVSS0.00219EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/17 7:27 a.m.6 views

EUVD-2026-3147

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp-posts/v1/query REST API endpoints due to insufficient restrictions on which posts can be include...

5.3CVSS5.7AI score0.00219EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/17 12:0 a.m.10 views

PT-2026-3353

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp-posts/v1/query REST API endpoints due to insufficient restrictions on which posts can be include...

5.3CVSS6.2AI score0.00219EPSS
Exploits0References3
CVE
CVE
added 2026/01/16 4:44 a.m.17 views

CVE-2025-15527

CVE-2025-15527 : WP Recipe Maker for WordPress is vulnerable to Information Exposure up to version 10.2.2 via api_get_post_summary, due to insufficient post-retrieval restrictions. Authenticated attackers with Contributor+ access can read data from posts they shouldn’t be able to edit or read, in...

4.3CVSS5.6AI score0.00319EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/01/16 4:44 a.m.3 views

CVE-2025-15527 WP Recipe Maker <= 10.2.2 - Insecure Direct Object Reference to Sensitive Information Exposure

The WP Recipe Maker plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 10.2.2 via the apigetpostsummary function due to insufficient restrictions on which posts can be retrieved. This makes it possible for authenticated attackers, with Contributor-level...

4.3CVSS5.6AI score0.00319EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/01/16 4:44 a.m.4 views

CVE-2025-15527

The WP Recipe Maker plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 10.2.2 via the apigetpostsummary function due to insufficient restrictions on which posts can be retrieved. This makes it possible for authenticated attackers, with Contributor-level...

4.3CVSS5.5AI score0.00319EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/01/16 12:0 a.m.12 views

PT-2026-3217

The WP Recipe Maker plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 10.2.2 via the api get post summary function due to insufficient restrictions on which posts can be retrieved. This makes it possible for authenticated attackers, with Contributor-leve...

4.3CVSS6AI score0.00319EPSS
Exploits0References6
Rows per page
Query Builder