Lucene search
K

96 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:6 a.m.6 views

CVE-2023-6492

The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'adminnotices' hook found in class-settings.php. This makes it possible...

4.3CVSS6.3AI score0.00198EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 2:32 a.m.4 views

CVE-2023-1028

The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the setIgnore function. This makes it possible for unauthenticated attackers to update plugin options via a forged...

4.3CVSS6.8AI score0.00316EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/08 12:0 a.m.3 views

WordPress plugin Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS6.3AI score0.00337EPSS
Exploits0References8
Patchstack
Patchstack
added 2025/01/07 6:58 a.m.6 views

WordPress Infility Global plugin <= 2.9.8 - Authenticated (Subscriber+) Missing Authorization to Plugin Options Update vulnerability

Authenticated Subscriber+ Missing Authorization to Plugin Options Update vulnerability discovered by Francesco Carlucci in WordPress Plugin Infility Global versions = 2.9.8...

6.5CVSS7AI score0.0032EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/01/07 5:15 a.m.3 views

CVE-2024-11496

The Infility Global plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the infilityglobalajax function in all versions up to, and including, 2.9.8. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

6.5CVSS7.3AI score0.0032EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/01/07 12:0 a.m.5 views

PT-2025-1662 · WordPress · Infility Global

Name of the Vulnerable Software and Affected Versions: Infility Global plugin for WordPress versions up to, and including, 2.9.8 Description: The issue allows authenticated attackers with Subscriber-level access and above to update plugin options, potentially breaking the site, due to a missing...

6.5CVSS7.1AI score0.0032EPSS
Exploits0References6
OSV
OSV
added 2024/10/22 5:15 a.m.5 views

CVE-2024-10003

The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3.0.0.2903. This makes it possible for authenticated attackers, with subscriber-level access and...

6.3CVSS5.8AI score0.00418EPSS
Exploits0References9
CVE
CVE
added 2024/10/22 4:31 a.m.54 views

CVE-2024-10003

CVE-2024-10003 (Rover IDX for WordPress) affects Rover IDX plugin, versions up to 3.0.0.2903. Root cause is a missing capability check on multiple functions, enabling authenticated attackers with subscriber-level access or higher to add, modify, or delete plugin options, potentially leading to un...

6.3CVSS6.3AI score0.00418EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2024/10/18 5:15 a.m.30 views

CVE-2024-9361

The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveconfiguration' function in all versions up to, and including, 2.0.1. This makes it possible for authenticate...

4.3CVSS0.00314EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/10/17 6:1 p.m.4 views

WordPress Bulk images optimizer plugin <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Plugin Options Update vulnerability discovered by Francesco Carlucci in WordPress Plugin Bulk images optimizer versions = 2.0.1...

4.3CVSS7AI score0.00314EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/17 12:0 a.m.6 views

PT-2024-39595 · WordPress · Bulk Images Optimizer

Name of the Vulnerable Software and Affected Versions: The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress versions up to, and including, 2.0.1 Description: The issue is related to a missing capability check on the save configuration function, allowing...

4.3CVSS7AI score0.00314EPSS
Exploits0References8
OSV
OSV
added 2024/10/10 3:15 a.m.4 views

CVE-2024-9520

The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.0. This makes it possible for authenticated attackers with subscriber-level permissions or above, ...

5.4CVSS5.8AI score0.00324EPSS
Exploits0References4
NVD
NVD
added 2024/10/10 3:15 a.m.20 views

CVE-2024-9520

The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.0. This makes it possible for authenticated attackers with subscriber-level permissions or above, ...

6.3CVSS0.00324EPSS
Exploits0References4
OSV
OSV
added 2024/09/05 11:15 a.m.4 views

CVE-2024-7605

The HelloAsso plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'haajax' function in all versions up to, and including, 1.1.10. This makes it possible for authenticated attackers, with Contributor-level access and above, to update...

4.3CVSS5.8AI score0.00427EPSS
Exploits0References3
NVD
NVD
added 2024/09/05 11:15 a.m.39 views

CVE-2024-7605

The HelloAsso plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'haajax' function in all versions up to, and including, 1.1.10. This makes it possible for authenticated attackers, with Contributor-level access and above, to update...

4.3CVSS0.00427EPSS
Exploits0References3
CVE
CVE
added 2024/09/05 11:0 a.m.54 views

CVE-2024-7605

CVE-2024-7605 : The WordPress HelloAsso plugin (versions up to 1.1.10) is vulnerable due to a missing capability check on the 'ha_ajax' function, allowing authenticated attackers with Contributor-level access or higher to modify plugin options and disrupt service. The vulnerability affects all ve...

4.3CVSS4.7AI score0.00427EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/07/24 3:15 a.m.2 views

CVE-2024-6751

The Social Auto Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.3.14. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete post meta an...

6.5CVSS5.8AI score0.00166EPSS
Exploits0References2
NVD
NVD
added 2024/07/24 3:15 a.m.33 views

CVE-2024-6751

The Social Auto Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.3.14. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete post meta an...

6.5CVSS0.00166EPSS
Exploits0References2
OSV
OSV
added 2024/07/24 3:15 a.m.3 views

CVE-2024-6750

The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to add, modify, or delete pos...

7.5CVSS5.8AI score0.00285EPSS
Exploits0References2
CVE
CVE
added 2024/07/24 2:33 a.m.46 views

CVE-2024-6751

The CVE-2024-6751 entry describes a CSRF vulnerability in the WordPress plugin Social Auto Poster up to version 5.3.14 due to missing/incorrect nonce validation on multiple functions. This allows unauthenticated attackers to add, modify, or delete post meta and plugin options. Multiple connected ...

6.5CVSS6.2AI score0.00166EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder