Lucene search
K

4430 matches found

Vulnrichment
Vulnrichment
added 2026/04/08 8:30 a.m.1 views

CVE-2026-39688 WordPress WP Frontend Profile plugin <= 1.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profile: from n/a through = 1.3.9...

5.3CVSS5.9AI score0.00218EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 8:30 a.m.21 views

CVE-2026-39688 WordPress WP Frontend Profile plugin <= 1.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profile: from n/a through = 1.3.9...

5.3CVSS0.00218EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/08 8:30 a.m.5 views

CVE-2026-39688

Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profile: from n/a through = 1.3.9...

5.3CVSS5.9AI score0.00218EPSS
Exploits0References2
CVE
CVE
added 2026/04/08 8:30 a.m.9 views

CVE-2026-39688

The CVE-2026-39688 entry concerns the Glowlogix WordPress WP Frontend Profile plugin (wp-front-end-profile) with vulnerable versions up to 1.3.9. It is described as Missing Authorization due to Incorrectly Configured Access Control, enabling a Broken Access Control vulnerability. The CVSSv3.1 bas...

5.3CVSS5.9AI score0.00218EPSS
Exploits0References1
NVD
NVD
added 2026/04/08 7:16 a.m.8 views

CVE-2026-3477

The PZ Frontend Manager plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.6. The pzfmuserrequestactioncallback function, registered via the wpajaxpzfmuserrequestaction action hook, lacks both capability checks and nonce verification. This function...

5.3CVSS0.00319EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/04/08 6:43 a.m.3 views

CVE-2026-3477 PZ Frontend Manager <= 1.0.6 - Missing Authorization to Arbitrary User Deletion via 'dataType' Parameter

The PZ Frontend Manager plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.6. The pzfmuserrequestactioncallback function, registered via the wpajaxpzfmuserrequestaction action hook, lacks both capability checks and nonce verification. This function...

5.3CVSS6AI score0.00319EPSS
Exploits0References7
CVE
CVE
added 2026/04/08 6:43 a.m.9 views

CVE-2026-3477

CVE-2026-3477 concerns the PZ Frontend Manager plugin for WordPress (versions up to 1.0.6). The vulnerability stems from the AJAX handler pzfm_user_request_action_callback(), registered via wp_ajax_pzfm_user_request_action, which lacks both capability checks and nonce verification. When the reque...

5.3CVSS6AI score0.00319EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/04/08 2:4 a.m.6 views

WordPress PZ Frontend Manager plugin <= 1.0.6 - Missing Authorization to Arbitrary User Deletion via 'dataType' Parameter vulnerability

Missing Authorization to Arbitrary User Deletion via 'dataType' Parameter vulnerability discovered by theviper17y in WordPress Plugin pz-frontend-manager versions = 1.0.6...

5.3CVSS5.9AI score0.00319EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.3 views

PT-2026-31093

Name of the Vulnerable Software and Affected Versions PZ Frontend Manager plugin for WordPress versions up to and including 1.0.6 Description The PZ Frontend Manager plugin for WordPress is susceptible to a missing authorization issue. The pzfm user request action callback function, accessible...

5.3CVSS5.8AI score0.00319EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.4 views

PT-2026-31250

Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profile: from n/a through = 1.3.9...

5.3CVSS5.9AI score0.00218EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.8 views

WordPress plugin PZ Frontend Manager 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

5.3CVSS5.8AI score0.00319EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.9 views

WordPress plugin WP Frontend Profile 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00218EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/07 5:3 p.m.5 views

CVE-2026-35035

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.2.0, the application fails to properly sanitize user-controlled input within System Settings – Company Information. Several administrative...

9CVSS6AI score0.00455EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/07 6:0 a.m.18 views

CVE-2025-15611 Popup Box AYS Pro < 5.5.0 - Admin+ Stored Cross-Site Scripting (XSS) via CSRF

The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the addoreditpopupbox function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can create ...

0.00136EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/06 5:53 p.m.5 views

EUVD-2026-19374

CI4MS: Company Information Public-Facing Page Full Platform Compromise & Full Account Takeover for All Roles & Privilege-Escalation via System Settings Company Information Stored DOM XSS...

7.2CVSS5.9AI score0.00455EPSS
Exploits1References2
NVD
NVD
added 2026/04/06 5:17 p.m.5 views

CVE-2026-35035

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.2.0, the application fails to properly sanitize user-controlled input within System Settings – Company Information. Several administrative...

9CVSS0.00455EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/06 4:49 p.m.20 views

CVE-2026-35035 CI4MS Company Information Public-Facing Page Full Platform Compromise & Full Account Takeover for All Roles & Privilege-Escalation via System Settings Company Information Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.2.0, the application fails to properly sanitize user-controlled input within System Settings – Company Information. Several administrative...

7.2CVSS0.00455EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/06 4:49 p.m.2 views

CVE-2026-35035

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.2.0, the application fails to properly sanitize user-controlled input within System Settings – Company Information. Several administrative...

7.2CVSS6AI score0.00455EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/04/06 4:49 p.m.17 views

CVE-2026-35035

Summary: CVE-2026-35035 affects CI4MS (CodeIgniter 4-based CMS skeleton). A stored XSS vulnerability exists in System Settings – Company Information where attacker-controlled fields (e.g., Company Name, Slogan, contact fields, Google Maps link, media fields) are input and persisted server-side, t...

9CVSS6AI score0.00455EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/06 4:49 p.m.4 views

CVE-2026-35035 CI4MS Company Information Public-Facing Page Full Platform Compromise & Full Account Takeover for All Roles & Privilege-Escalation via System Settings Company Information Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.2.0, the application fails to properly sanitize user-controlled input within System Settings – Company Information. Several administrative...

7.2CVSS6AI score0.00455EPSS
Exploits1References1
Rows per page
Query Builder