Lucene search
K

649 matches found

Patchstack
Patchstack
added 2026/05/26 5:25 p.m.11 views

WordPress Single Mailchimp plugin <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Single Mailchimp versions = 1.4...

6.4CVSS5.8AI score0.00235EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/02 8:27 a.m.7 views

CVE-2026-4024

The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. The handler is registered on both wpajax and wpajaxnopriv hooks, maki...

5.3CVSS5.8AI score0.00501EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/03/26 5:3 p.m.2 views

CVE-2026-25430

Missing Authorization vulnerability in CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms cf7-mailchimp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Mailchimp and Contact Form 7, WPForms, Elementor,...

6.5CVSS5.8AI score0.00315EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:13 p.m.5 views

CVE-2025-13997

The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via...

5.3CVSS5.8AI score0.00219EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:10 p.m.3 views

CVE-2026-1781

The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.11.1. This is due to the plugin trusting the mc4wpaction POST parameter without validation, allowing unauthenticated attackers to force the form to process...

6.5CVSS5.8AI score0.00265EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.7 views

EUVD-2026-15725

Missing Authorization vulnerability in CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms cf7-mailchimp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Mailchimp and Contact Form 7, WPForms, Elementor,...

5.8AI score0.00315EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 5:16 p.m.12 views

CVE-2026-25430

Missing Authorization vulnerability in CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms cf7-mailchimp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Mailchimp and Contact Form 7, WPForms, Elementor,...

6.5CVSS0.00315EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.13 views

CVE-2026-25430

CVE-2026-25430 describes a Missing Authorization vulnerability in the Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms (cf7-mailchimp). Affected versions are from n/a through 1.2.2. The issue arises from incorrectly configured access control, enabling network-attacker...

6.5CVSS5.8AI score0.00315EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.2 views

CVE-2026-25430 WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms cf7-mailchimp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Mailchimp and Contact Form 7, WPForms, Elementor,...

6.5CVSS5.8AI score0.00315EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.26 views

CVE-2026-25430 WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms cf7-mailchimp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Mailchimp and Contact Form 7, WPForms, Elementor,...

6.5CVSS0.00315EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.7 views

PT-2026-27945

Name of the Vulnerable Software and Affected Versions CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms versions through 1.2.2 Description An authorization issue exists in CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms...

6.5CVSS5.9AI score0.00315EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.9 views

WordPress plugin Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be integrated...

6.5CVSS5.8AI score0.00315EPSS
Exploits0References1
CVE
CVE
added 2026/03/23 6:41 a.m.11 views

CVE-2025-13997

The CVE-2025-13997 entry concerns the King Addons for Elementor WordPress plugin. Affected: King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor. Root cause: unauthenticated API key disclosure caused by the plugin adding API keys to the HTML ...

5.3CVSS5.8AI score0.00219EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/23 6:41 a.m.2 views

CVE-2025-13997

The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via...

5.3CVSS5.8AI score0.00219EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/23 6:41 a.m.3 views

CVE-2025-13997 King Addons for Elementor <= 51.1.49 - Unauthenticated API Keys Disclosure

The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via...

5.3CVSS5.8AI score0.00219EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/23 6:41 a.m.31 views

CVE-2025-13997 King Addons for Elementor <= 51.1.49 - Unauthenticated API Keys Disclosure

The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via...

5.3CVSS0.00219EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.8 views

PT-2026-27061

The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via...

5.3CVSS5.8AI score0.00219EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/03/18 12:28 p.m.5 views

WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms versions = 1.2.2...

6.5CVSS5.8AI score0.00315EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/11 9:59 a.m.6 views

WordPress MC4WP: Mailchimp for WordPress plugin <= 4.11.1 - Missing Authorization to Unauthenticated Arbitrary Subscription Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Subscription Deletion vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin MC4WP versions = 4.11.1...

6.5CVSS5.8AI score0.00265EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/11 3:31 a.m.6 views

EUVD-2026-11032

The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.11.1. This is due to the plugin trusting the mc4wpaction POST parameter without validation, allowing unauthenticated attackers to force the form to process...

6.5CVSS5.8AI score0.00265EPSS
Exploits0References8
Rows per page
Query Builder