Lucene search
+L

137 matches found

Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-15350 The Cache Purger <= 2.3.20 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Log Deletion via 'the_log_purge' Parameter

The The Cache Purger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.3.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level...

4.3CVSS0.00222EPSS
Exploits0References6
CVE
CVE
added 2 days ago12 views

CVE-2026-15350

CVE-2026-15350 affects the WordPress plugin The Cache Purger (up to version 2.3.20). The vulnerability is an authorization bypass that allows authenticated users with subscriber-level access or higher to permanently truncate the plugin’s cache-purge audit log (wp-content/purge.log), destroying th...

4.3CVSS6.1AI score0.00222EPSS
Exploits0References6
NVD
NVD
added 2026/07/03 6:16 a.m.10 views

CVE-2026-12557

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.3.29. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to read all...

5.3CVSS0.00223EPSS
Exploits0References2
CVE
CVE
added 2026/07/03 4:30 a.m.22 views

CVE-2026-12557

CVE-2026-12557 affects the Ninja Forms - File Uploads plugin for WordPress. All versions up to 3.3.29 allow an unauthenticated user to bypass authorization, enabling reads of plugin debug logs stored in the wp_nf3_log table and permanent deletion of log rows via the debug-log/delete-all and debug...

5.3CVSS5.8AI score0.00223EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.37 views

CVE-2026-10552 Blue Captcha <= 2.0.1 - Cross-Site Request Forgery via 'blcap_action' Parameter

The Blue Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 2.0.1. This is due to missing or incorrect nonce validation on the main admin panel blcapmainpage and on the Hall of Shame and Log subpages, which accept a 'blcapaction' / 'action'...

4.3CVSS0.00146EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:33 a.m.8 views

CVE-2026-10552

The Blue Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 2.0.1. This is due to missing or incorrect nonce validation on the main admin panel blcapmainpage and on the Hall of Shame and Log subpages, which accept a 'blcapaction' / 'action'...

4.3CVSS5.9AI score0.00146EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/24 5:33 a.m.11 views

EUVD-2026-38669

The Blue Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 2.0.1. This is due to missing or incorrect nonce validation on the main admin panel blcapmainpage and on the Hall of Shame and Log subpages, which accept a 'blcapaction' / 'action'...

4.3CVSS5.9AI score0.00146EPSS
Exploits0References6
CVE
CVE
added 2026/06/24 5:33 a.m.19 views

CVE-2026-10552

The CVE-2026-10552 entry concerns the WordPress plugin Blue Captcha (versions up to 2.0.1). It documents a Cross-Site Request Forgery (CSRF) flaw caused by missing or incorrect nonce validation on the main admin page (blcap_main_page) and on Hall of Shame and Log subpages. These pages accept a bl...

4.3CVSS5.9AI score0.00146EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.23 views

PT-2026-51667

Name of the Vulnerable Software and Affected Versions Blue Captcha versions prior to 2.0.2 Description The Blue Captcha plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a victim into performing actions they did not intend to. This occurs due ...

4.3CVSS5.8AI score0.00146EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/06/02 7:48 a.m.46 views

CVE-2026-9234 JTL-Connector for WooCommerce <= 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Settings Modification via Multiple Functions

The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to missing capability checks and nonce verification on the adminpostsettingssavewoo-jtl-connector action handled by JtlConnectorAdmin::save and on the...

4.3CVSS0.00198EPSS
Exploits0References6
NVD
NVD
added 2026/02/17 5:21 p.m.11 views

CVE-2025-67905

Malwarebytes AdwCleaner before v.8.7.0 runs as Administrator and performs an insecure log file delete operation in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link, a related issue to CVE-2023-28892. To exploit this, an...

8.7CVSS0.00136EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/17 12:0 a.m.9 views

Malwarebytes AdwCleaner 安全漏洞

Malwarebytes AdwCleaner is a utility program developed by the American company Malwarebytes. This program is primarily used to scan and remove pre-installed software such as advertisements on Windows computers. Versions of Malwarebytes AdwCleaner prior to 8.7.0 contained security vulnerabilities...

8.7CVSS5.8AI score0.00136EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/17 12:0 a.m.5 views

CVE-2025-67905

Malwarebytes AdwCleaner before v.8.7.0 runs as Administrator and performs an insecure log file delete operation in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link, a related issue to CVE-2023-28892. To exploit this, an...

7.4AI score0.00136EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/17 12:0 a.m.30 views

CVE-2025-67905

Malwarebytes AdwCleaner before v.8.7.0 runs as Administrator and performs an insecure log file delete operation in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link, a related issue to CVE-2023-28892. To exploit this, an...

0.00136EPSS
Exploits0References2
CVE
CVE
added 2026/02/17 12:0 a.m.10 views

CVE-2025-67905

CVE-2025-67905 affects Malwarebytes AdwCleaner prior to v8.7.0. The issue: AdwCleaner runs with Administrator privileges and performs an insecure log file delete operation where the target path is user-controllable, enabling a non-admin user to escalate to SYSTEM via a symbolic link. Exploitation...

8.7CVSS5.5AI score0.00136EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.5 views

PT-2026-20261

Name of the Vulnerable Software and Affected Versions Malwarebytes AdwCleaner versions prior to 8.7.0 Description The application runs with Administrator privileges and performs an insecure log file deletion. The target location for deletion is controllable by the user. This allows a...

8.7CVSS5.4AI score0.00136EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/07 12:0 a.m.8 views

warehouse 授权问题漏洞

Warehouse is a small-scale warehouse logistics management system developed by Yeqifu’s individual developer, based on Spring Boot. There are authorization issues in Warehouse; these issues stem from incorrect operations in the component Log Info Handler, specifically in the file...

8.8CVSS6.5AI score0.00326EPSS
Exploits1References7
CVE
CVE
added 2026/02/03 3:24 a.m.31 views

CVE-2026-0909

The CVE-2026-0909 entry concerns the WordPress WP ULike plugin (all versions up to 4.8.3.1). The vulnerability is Insecure Direct Object Reference via the wp_ulike_delete_history_api AJAX action, which does not verify that the history log being deleted belongs to the current user. This can allow ...

5.3CVSS5.5AI score0.00338EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/03 3:24 a.m.3 views

CVE-2026-0909 WP ULike <= 4.8.3.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Log Deletion via 'id' Parameter

The WP ULike plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.8.3.1. This is due to the wpulikedeletehistoryapi AJAX action not verifying that the log entry being deleted belongs to the current user. This makes it possible for...

5.3CVSS5.5AI score0.00338EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/03 3:24 a.m.7 views

EUVD-2026-5173

The WP ULike plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.8.3.1. This is due to the wpulikedeletehistoryapi AJAX action not verifying that the log entry being deleted belongs to the current user. This makes it possible for...

5.3CVSS5.5AI score0.00338EPSS
Exploits0References4
Rows per page
Query Builder