Lucene search
+L

210 matches found

CVE
CVE
added 2026/02/11 9:27 a.m.31 views

CVE-2026-2295

CVE-2026-2295 affects the WordPress plugin “WPZOOM Addons for Elementor – Starter Templates & Widgets” up to version 1.3.2, exposing protected post titles and excerpts via an unauthenticated request to ajax_post_grid_load_more due to a missing capability check. Multiple sources (Wordfence, CVE en...

5.3CVSS5.5AI score0.00325EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.18 views

PT-2026-7511

The WPZOOM Addons for Elementor – Starter Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax post grid load more' function in all versions up to, and including, 1.3.2. This makes it possible for unauthenticated...

5.3CVSS5.5AI score0.00325EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/02/10 11:27 p.m.8 views

WordPress WPZOOM Addons for Elementor - Starter Templates & Widgets plugin <= 1.3.2 - Unauthenticated Protected Post Exposure via ajax_post_grid_load_more vulnerability

WordPress WPZOOM Addons for Elementor - Starter Templates & Widgets plugin = 1.3.2 - Unauthenticated Protected Post Exposure via ajaxpostgridloadmore vulnerability discovered by Webbernaut in WordPress Plugin WPZOOM Addons for Elementor versions = 1.3.2...

5.3CVSS5.5AI score0.00325EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/01 9:18 a.m.20 views

CVE-2025-15525

The Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parsecustomargs function in all versions up to, and including, 7.8.1. This makes it possible for unauthenticated attackers to expose...

5.3CVSS5.9AI score0.00264EPSS
Exploits0References1
NVD
NVD
added 2026/01/31 5:16 a.m.11 views

CVE-2025-15525

The Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parsecustomargs function in all versions up to, and including, 7.8.1. This makes it possible for unauthenticated attackers to expose...

5.3CVSS0.00264EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/31 4:35 a.m.36 views

CVE-2025-15525 Ajax Load More – Infinite Scroll, Lazy Load & Load More <= 7.8.1 - Incorrect Authorization to Unauthenticated Private/Draft Post Title and Excerpt Exposure

The Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parsecustomargs function in all versions up to, and including, 7.8.1. This makes it possible for unauthenticated attackers to expose...

5.3CVSS0.00264EPSS
Exploits0References2
CVE
CVE
added 2026/01/31 4:35 a.m.25 views

CVE-2025-15525

CVE-2025-15525 affects the WordPress plugin “Ajax Load More – Infinite Scroll, Load More, & Lazy Load.” The vulnerability arises from incorrect authorization in the parse_custom_args() function, allowing unauthenticated users to view titles and excerpts of private, draft, pending, scheduled, and ...

5.3CVSS5.9AI score0.00264EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/01/30 10:49 p.m.11 views

WordPress Ajax Load More - Infinite Scroll, Lazy Load & Load More plugin <= 7.8.1 - Incorrect Authorization to Unauthenticated Private/Draft Post Title and Excerpt Exposure vulnerability

WordPress Ajax Load More - Infinite Scroll, Lazy Load & Load More plugin = 7.8.1 - Incorrect Authorization to Unauthenticated Private/Draft Post Title and Excerpt Exposure vulnerability discovered by shark3y in WordPress Plugin Ajax Load More versions = 7.8.1...

5.3CVSS5.9AI score0.00264EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/01 6:25 a.m.17 views

CVE-2025-14434

The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upkalexgridloadmoreposts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...

5.3CVSS6.9AI score0.00245EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/31 6:30 a.m.5 views

EUVD-2025-205885

The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upkalexgridloadmoreposts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...

6.4AI score0.00245EPSS
Exploits0References3
NVD
NVD
added 2025/12/31 6:15 a.m.8 views

CVE-2025-14434

The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upkalexgridloadmoreposts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...

5.3CVSS0.00245EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/31 6:0 a.m.6 views

CVE-2025-14434 Ultimate Post Kit < 4.0.16 – Unauthenticated Arbitrary Post Content Disclosure

The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upkalexgridloadmoreposts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...

6.5AI score0.00245EPSS
Exploits0References1
CVE
CVE
added 2025/12/31 6:0 a.m.20 views

CVE-2025-14434

CVE-2025-14434 affects the WordPress plugin “Ultimate Post Kit Addons for Elementor” (versions prior to 4.0.16). The issue arises from multiple AJAX endpoints (e.g., loadmore posts) that do not verify whether targeted posts are published, enabling an unauthenticated attacker to query arbitrary po...

5.3CVSS6.5AI score0.00245EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/31 12:0 a.m.10 views

PT-2025-54283

The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upk alex grid loadmore posts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...

6.9AI score0.00245EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.9 views

WordPress Ajax Load More plugin < 2.8.1.2 - Subscriber+ File Upload & Deletion vulnerability

Subscriber+ File Upload & Deletion vulnerability discovered by PizzaHatHacker in WordPress Plugin Ajax Load More versions 2.8.1.2...

8.8CVSS5.5AI score0.00984EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2021-11054

Malware in sbrugna...

7.2CVSS7AI score0.01205EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2015-9400

Malware in sbrugna...

8.8CVSS6.3AI score0.00984EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-52112

Malicious code in bioql PyPI...

7.1CVSS8.9AI score0.00152EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.14 views

EUVD-2024-43521

Malicious code in bioql PyPI...

7.1CVSS6.5AI score0.00281EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-13754

Malicious code in bioql PyPI...

6.5CVSS7.2AI score0.0021EPSS
Exploits0References1
Rows per page
Query Builder