Lucene search
+L

2973 matches found

Cvelist
Cvelist
added 2026/05/13 8:26 a.m.44 views

CVE-2026-2515 Hostinger Reach <= 1.3.8 - Missing Authorization to Authenticated (Subscriber+) Integration API Key Update

The Hostinger Reach – AI-Powered Email Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handleajaxaction' function in all versions up to, and including, 1.3.8. This makes it possible for authenticated...

5.3CVSS0.00378EPSS
Exploits0References4
CVE
CVE
added 2026/05/13 8:26 a.m.21 views

CVE-2026-2515

The Hostinger Reach plugin for WordPress (v

5.3CVSS5.7AI score0.00378EPSS
Exploits0References4
NVD
NVD
added 2026/05/13 6:16 a.m.10 views

CVE-2025-14033

The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getticketcontentcallback' function in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to view any...

5.3CVSS0.00256EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/13 5:29 a.m.23 views

EUVD-2025-209822

The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getticketcontentcallback' function in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to view any...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References6
CVE
CVE
added 2026/05/13 5:29 a.m.13 views

CVE-2025-14033

CVE-2025-14033 affects the WordPress plugin “ilGhera Support System for WooCommerce” (woocommerce integration) with versions up to and including 1.3.0. The vulnerability is a missing capability check in get_ticket_content_callback, allowing unauthenticated attackers to read any support ticket con...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/13 5:29 a.m.9 views

CVE-2025-14033

The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getticketcontentcallback' function in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to view any...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/13 5:29 a.m.62 views

CVE-2025-14033 ilGhera Support System for WooCommerce <= 1.3.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure

The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getticketcontentcallback' function in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to view any...

5.3CVSS0.00256EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/13 4:26 a.m.6 views

CVE-2025-9988

The Broadstreet plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the createadvertiser AJAX action in all versions up to, and including, 1.53.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create...

4.3CVSS5.8AI score0.00158EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/13 4:26 a.m.10 views

EUVD-2025-209819

The Broadstreet plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the createadvertiser AJAX action in all versions up to, and including, 1.53.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create...

4.3CVSS5.8AI score0.00158EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/13 12:48 a.m.32 views

EUVD-2026-29886

The MonsterInsights – Google Analytics Dashboard for WordPress Website Stats Made Easy plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability checks on the getadsaccesstoken and resetexperience functions in all versions up to, and including,...

7.1CVSS5.8AI score0.00349EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.18 views

PT-2026-40595

The RTMKit Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the save widget and reset all widgets functions in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00288EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.14 views

PT-2026-40611

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pm invite user function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-lev...

7.1CVSS5.8AI score0.00219EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.21 views

PT-2026-40586

The Hostinger Reach – AI-Powered Email Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle ajax action' function in all versions up to, and including, 1.3.8. This makes it possible for authenticated...

5.3CVSS5.7AI score0.00378EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.15 views

PT-2026-40559

The Broadstreet plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the create advertiser AJAX action in all versions up to, and including, 1.53.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create...

4.3CVSS5.8AI score0.00158EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 11:16 p.m.43 views

CVE-2026-5371

The MonsterInsights – Google Analytics Dashboard for WordPress Website Stats Made Easy plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability checks on the getadsaccesstoken and resetexperience functions in all versions up to, and including,...

7.1CVSS0.00349EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/12 9:31 a.m.40 views

EUVD-2026-29399

The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saabcancelbooking function in all versions up to, and including, 1.0.8. The nonce check uses && AND instead of || OR,...

5.3CVSS5.9AI score0.00228EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/12 7:48 a.m.6 views

CVE-2026-5693

The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saabcancelbooking function in all versions up to, and including, 1.0.8. The nonce check uses && AND instead of || OR,...

5.3CVSS5.9AI score0.00228EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.18 views

PT-2026-40465

Name of the Vulnerable Software and Affected Versions MonsterInsights – Google Analytics Dashboard for WordPress versions prior to 10.1.3 Description Missing capability checks in the get ads access token and reset experience functions allow authenticated attackers with Subscriber-level access or...

7.1CVSS5.8AI score0.00349EPSS
Exploits0References7
WPVulnDB
WPVulnDB
added 2026/05/07 12:0 a.m.15 views

3D viewer – Embed 3D Models < 1.8.6 - Missing Authorization

Description The 3D viewer – Embed 3D Models plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.8.5. This makes it possible for authenticated attackers, with contributor-level access and above, to perform an...

4.3CVSS5.8AI score0.00141EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/06 8:22 p.m.8 views

CVE-2026-3601

The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the embedformaction function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with Contributor-level acce...

4.3CVSS5.9AI score0.003EPSS
Exploits0References1
Rows per page
Query Builder