Lucene search
K

72 matches found

NVD
NVD
added 2026/06/30 7:16 a.m.10 views

CVE-2026-11581

The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.13 does not sanitise a form field's caption before outputting it as a column header on the administrator form-entries screen, allowing users with Contributor-level access or above to store JavaScript that executes i...

5.9CVSS0.0014EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 6:0 a.m.9 views

EUVD-2026-40261

The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.13 does not sanitise a form field's caption before outputting it as a column header on the administrator form-entries screen, allowing users with Contributor-level access or above to store JavaScript that executes i...

5.9CVSS5.8AI score0.0014EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 6:17 a.m.13 views

CVE-2026-9013

The Bogo plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.1 via the bogorestcreateposttranslation. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the raw title, content, excerpt,...

4.3CVSS0.00254EPSS
Exploits0References9
OSV
OSV
added 2026/03/18 12:31 p.m.6 views

GHSA-G9W4-M5FX-X3WV Yoast Duplicate Post has an Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite

The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clonebulkactionhandler and republishrequest functions in all versions up to, and including, 4.5. This makes it possible for authenticated attackers, with...

5.4CVSS5.7AI score0.00171EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/18 9:28 a.m.2 views

CVE-2026-1217 Yoast Duplicate Post <= 4.5 - Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite

The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clonebulkactionhandler and republishrequest functions in all versions up to, and including, 4.5. This makes it possible for authenticated attackers, with...

5.4CVSS5.7AI score0.00171EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/18 9:28 a.m.40 views

CVE-2026-1217 Yoast Duplicate Post <= 4.5 - Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite

The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clonebulkactionhandler and republishrequest functions in all versions up to, and including, 4.5. This makes it possible for authenticated attackers, with...

5.4CVSS0.00171EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/03/18 2:29 a.m.7 views

WordPress Yoast Duplicate Post plugin <= 4.5 - Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite vulnerability

Authenticated Contributor+ Missing Authorization to Arbitrary Post Duplication and Overwrite vulnerability discovered by johska in WordPress Plugin Duplicate Post versions = 4.5...

5.4CVSS5.8AI score0.00171EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/11 7:36 a.m.36 views

CVE-2026-2917 Happy Addons for Elementor <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Duplication via 'post_id' Parameter

The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the haduplicatething admin action handler. This is due to the canclone method only checking currentusercan'editposts' a general capability without...

5.4CVSS0.00193EPSS
Exploits0References6
CVE
CVE
added 2026/03/11 7:36 a.m.18 views

CVE-2026-2917

CVE-2026-2917 (Happy Addons for Elementor, WordPress) is an Insecure Direct Object Reference vulnerability affecting all versions up to 3.21.0. The root cause is the can_clone() check only enforcing a general capability (current_user_can('edit_posts')) and an action nonce bound to the generic ha_...

5.4CVSS5.8AI score0.00193EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/03/10 11:17 p.m.6 views

WordPress Happy Addons for Elementor plugin <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Duplication via 'post_id' Parameter vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Post Duplication via 'postid' Parameter vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Happy Addons for Elementor versions = 3.21.0...

5.4CVSS5.8AI score0.00193EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/13 9:13 p.m.5 views

WordPress WP Duplicate Page plugin <= 1.8 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary Post Duplication vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin WP Duplicate Page versions = 1.8...

5.4CVSS6.8AI score0.00227EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/01/13 11:21 a.m.19 views

CVE-2025-14001

CVE-2025-14001 relates to the WordPress plugin WP Duplicate Page (versions

5.4CVSS4.9AI score0.00227EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/13 9:41 a.m.5 views

CVE-2025-14074

The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumberduplicate' function in all versions up to, and including, 6.3.3. This makes it possible for authenticated attackers,...

5.3CVSS5.5AI score0.00207EPSS
Exploits0References1
NVD
NVD
added 2025/12/12 10:15 a.m.5 views

CVE-2025-14074

The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumberduplicate' function in all versions up to, and including, 6.3.3. This makes it possible for authenticated attackers,...

4.3CVSS0.00207EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/12 9:20 a.m.9 views

EUVD-2025-203072

The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumberduplicate' function in all versions up to, and including, 6.3.3. This makes it possible for authenticated attackers,...

5.3CVSS5AI score0.00207EPSS
Exploits0References5
CVE
CVE
added 2025/12/12 9:20 a.m.20 views

CVE-2025-14074

CVE-2025-14074 concerns the WordPress plugin PDF for Contact Form 7 + Drag and Drop Template Builder. Public sources confirm a vulnerability where an authenticated user (Subscriber or higher) can trigger unauthorized post duplication due to a missing capability check in the rednumber_duplicate fu...

4.3CVSS5.1AI score0.00207EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/12 9:20 a.m.5 views

CVE-2025-14074 PDF for Contact Form 7 + Drag and Drop Template Builder <= 6.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Duplication

The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumberduplicate' function in all versions up to, and including, 6.3.3. This makes it possible for authenticated attackers,...

4.3CVSS5.6AI score0.00207EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/12 9:20 a.m.34 views

CVE-2025-14074 PDF for Contact Form 7 + Drag and Drop Template Builder <= 6.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Duplication

The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumberduplicate' function in all versions up to, and including, 6.3.3. This makes it possible for authenticated attackers,...

4.3CVSS0.00207EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/12/12 12:19 a.m.7 views

WordPress PDF for Contact Form 7 + Drag and Drop Template Builder plugin <= 6.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Duplication vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Post Duplication vulnerability discovered by Legion Hunter in WordPress Plugin PDF for Contact Form 7 versions = 6.3.3...

5.3CVSS6.8AI score0.00207EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.11 views

PT-2025-50912

The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumber duplicate' function in all versions up to, and including, 6.3.3. This makes it possible for authenticated attackers,...

5.3CVSS5.5AI score0.00207EPSS
Exploits0References5
Rows per page
Query Builder