Lucene search
K

210 matches found

EUVD
EUVD
added 2026/02/03 5:30 a.m.12 views

EUVD-2026-5268

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.19.17. This is due to the plugin failing to check postpasswordrequired before rendering post excerpts in the renderexcerpt...

5.3CVSS5.4AI score0.00346EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/01/26 3:12 a.m.18 views

CVE-2025-6461

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...

4.3CVSS5.6AI score0.00196EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/25 2:22 a.m.4 views

CVE-2025-6461 CubeWP – All-in-One Dynamic Content Framework <= 1.1.27 - Unauthenticated Post Disclosure in class-cubewp-search-ajax-hooks.php

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...

4.3CVSS5.9AI score0.00196EPSS
Exploits0References2
CVE
CVE
added 2026/01/25 2:22 a.m.13 views

CVE-2025-6461

CVE-2025-6461 affects the CubeWP Framework (WordPress) and is due to Information Exposure via the search functionality in class-cubewp-search-ajax-hooks.php. It applies to all versions up to and including 1.1.27, enabling unauthenticated attackers to retrieve data from password-protected, private...

4.3CVSS5.6AI score0.00196EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/17 7:27 a.m.4 views

CVE-2025-12129

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp-posts/v1/query REST API endpoints due to insufficient restrictions on which posts can be include...

5.3CVSS5.5AI score0.00219EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/17 7:27 a.m.7 views

EUVD-2026-3147

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp-posts/v1/query REST API endpoints due to insufficient restrictions on which posts can be include...

5.3CVSS5.7AI score0.00219EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/17 12:0 a.m.11 views

PT-2026-3353

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp-posts/v1/query REST API endpoints due to insufficient restrictions on which posts can be include...

5.3CVSS6.2AI score0.00219EPSS
Exploits0References3
NVD
NVD
added 2026/01/16 5:16 a.m.13 views

CVE-2025-15527

The WP Recipe Maker plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 10.2.2 via the apigetpostsummary function due to insufficient restrictions on which posts can be retrieved. This makes it possible for authenticated attackers, with Contributor-level...

4.3CVSS0.00319EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/01/10 6:32 a.m.4 views

CVE-2025-14943 Blog2Social: Social Media Auto Post & Scheduler <= 8.7.2 - Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.7.2. This is due to a misconfigured authorization check on the 'getShipItemFullText' function which only verifies that a user has the...

4.3CVSS5.2AI score0.00193EPSS
Exploits0References3
CVE
CVE
added 2026/01/10 6:32 a.m.16 views

CVE-2025-14943

CVE-2025-14943 affects Blog2Social: Social Media Auto Post & Scheduler for WordPress. The vulnerability arises from a misconfigured authorization check in getShipItemFullText: it only verifies Subscriber-level read capability and a valid nonce, but does not confirm access permissions for the spec...

4.3CVSS5.2AI score0.00193EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.10 views

WordPress plugin Blog2Social 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

4.3CVSS6.3AI score0.00193EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/11/19 10:23 a.m.10 views

CVE-2025-12481

The WP Duplicate Page plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'saveSettings' function. This makes it possible for authenticated...

4.3CVSS5.5AI score0.00212EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/18 12:30 p.m.7 views

EUVD-2025-197964

The WP Duplicate Page plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'saveSettings' function. This makes it possible for authenticated...

4.3CVSS5.2AI score0.00212EPSS
Exploits0References5
NVD
NVD
added 2025/11/18 10:15 a.m.7 views

CVE-2025-12481

The WP Duplicate Page plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'saveSettings' function. This makes it possible for authenticated...

4.3CVSS0.00212EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/18 9:27 a.m.14 views

CVE-2025-12481 WP Duplicate Page <= 1.7 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure

The WP Duplicate Page plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'saveSettings' function. This makes it possible for authenticated...

4.3CVSS0.00212EPSS
Exploits0References4
CVE
CVE
added 2025/11/18 9:27 a.m.10 views

CVE-2025-12481

The vulnerability CVE-2025-12481 affects the WP Duplicate Page plugin for WordPress (versions up to 1.7). Root cause: Missing authorization checks in saveSettings allow authenticated users with Contributor+ privileges to modify plugin settings that control capabilities, enabling them to duplicate...

4.3CVSS5.2AI score0.00212EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/18 9:27 a.m.6 views

CVE-2025-12481 WP Duplicate Page <= 1.7 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure

The WP Duplicate Page plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'saveSettings' function. This makes it possible for authenticated...

4.3CVSS5.2AI score0.00212EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.8 views

PT-2025-47281

Name of the Vulnerable Software and Affected Versions WP Duplicate Page plugin versions prior to 1.8 Description The WP Duplicate Page plugin for WordPress is affected by a missing authorization issue. The plugin does not properly verify user authorization to perform actions within the saveSettin...

4.3CVSS5.9AI score0.00212EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/11/02 4:46 a.m.8 views

CVE-2025-11377

The List category posts plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.92.0 via the 'catlist' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level...

4.3CVSS6AI score0.00207EPSS
Exploits0References1
NVD
NVD
added 2025/11/01 5:16 a.m.6 views

CVE-2025-11377

The List category posts plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.92.0 via the 'catlist' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level...

4.3CVSS0.00207EPSS
Exploits0References2
Rows per page
Query Builder