Lucene search
K

749 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/12 2:22 a.m.5 views

CVE-2026-3226

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering due to missing capability checks on all 10 functions in the SendEmailAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catchlpajax dispatcher verifies a...

4.3CVSS5.9AI score0.002EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/03/12 1:50 a.m.4 views

WordPress LearnPress plugin <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Notification Triggering vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Email Notification Triggering vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin LearnPress versions = 4.3.2.8...

4.3CVSS5.8AI score0.002EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.6 views

PT-2026-24912

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering due to missing capability checks on all 10 functions in the SendEmailAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catch lp ajax dispatcher verifies...

4.3CVSS5.9AI score0.002EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/03/11 7:8 a.m.3 views

CVE-2026-30913

Flarum is open-source forum software. When the flarum/nicknames extension is enabled, a registered user can set their nickname to a string that email clients interpret as a hyperlink. The nickname is inserted verbatim into plain-text notification emails, and recipients may be misled into visiting...

4.6CVSS5.8AI score0.00165EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/23 12:31 a.m.4 views

EUVD-2026-4270

Gitea may send release notification emails for private repositories to users whose access has been revoked...

3.5CVSS5.3AI score0.00237EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/17 3:24 a.m.22 views

CVE-2025-14463 Payment Button for PayPal <= 1.2.3.41 - Missing Authorization to Unauthenticated Arbitrary Order Creation

The Payment Button for PayPal plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 1.2.3.41. This is due to the plugin exposing a public AJAX endpoint wppaypalcheckoutajaxprocessorder that processes checkout results without any authentication or...

5.3CVSS0.00314EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/01/17 12:0 a.m.10 views

PT-2026-3343

The Payment Button for PayPal plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 1.2.3.41. This is due to the plugin exposing a public AJAX endpoint wppaypalcheckout ajax process order that processes checkout results without any authentication ...

5.3CVSS6.3AI score0.00314EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/01/09 10:35 a.m.6 views

CVE-2017-18910

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links...

4.3CVSS7AI score0.00581EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:16 a.m.5 views

CVE-2025-14901

The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...

6.5CVSS5.8AI score0.0035EPSS
Exploits0References1
NVD
NVD
added 2026/01/07 12:16 p.m.5 views

CVE-2025-14901

The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...

6.5CVSS0.0035EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/07 6:35 a.m.5 views

CVE-2025-14901 Bit Form – Contact Form Plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay

The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...

6.5CVSS5.5AI score0.0035EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/07 6:35 a.m.26 views

CVE-2025-14901 Bit Form – Contact Form Plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay

The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...

6.5CVSS0.0035EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.6 views

PT-2026-1572

Name of the Vulnerable Software and Affected Versions Bit Form – Contact Form Plugin versions prior to 2.21.7 Description The Bit Form – Contact Form Plugin for WordPress has a flaw allowing unauthorized workflow execution. The triggerWorkFlow function lacks proper authorization, specifically in...

6.5CVSS6.7AI score0.0035EPSS
Exploits0References6
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.8 views

WordPress Email Notifications for Updates plugin <= 1.1.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by kr0d in WordPress Plugin Email Notifications for Updates versions = 1.1.6...

8.8CVSS5.5AI score0.00366EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2025/12/18 8:46 p.m.3 views

Cross-site Scripting (XSS)

Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the GetFieldValueForMail method in the BizFormMailSender class. An attacker can inject arbitrary HTML...

6.1CVSS5.3AI score0.00165EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-10000

Malware in sbrugna...

4.3CVSS4.9AI score0.00581EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2015-8362

Malware in sbrugna...

3.5CVSS4AI score0.01255EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-3215

Malware in sbrugna...

4.3CVSS4.6AI score0.01044EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2019-16347

Malware in sbrugna...

4.3CVSS5.3AI score0.00808EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-0126

Malware in sbrugna...

6.1CVSS6.1AI score0.01392EPSS
Exploits0References10
Rows per page
Query Builder