Lucene search
+L

77 matches found

Vulnrichment
Vulnrichment
added 2025/12/12 9:20 a.m.5 views

CVE-2025-14074 PDF for Contact Form 7 + Drag and Drop Template Builder <= 6.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Duplication

The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumberduplicate' function in all versions up to, and including, 6.3.3. This makes it possible for authenticated attackers,...

4.3CVSS5.6AI score0.00207EPSS
Exploits0References4
CVE
CVE
added 2025/12/12 9:20 a.m.22 views

CVE-2025-14074

CVE-2025-14074 concerns the WordPress plugin PDF for Contact Form 7 + Drag and Drop Template Builder. Public sources confirm a vulnerability where an authenticated user (Subscriber or higher) can trigger unauthorized post duplication due to a missing capability check in the rednumber_duplicate fu...

4.3CVSS5.1AI score0.00207EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/12 9:20 a.m.10 views

EUVD-2025-203072

The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumberduplicate' function in all versions up to, and including, 6.3.3. This makes it possible for authenticated attackers,...

5.3CVSS5AI score0.00207EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/12/12 12:19 a.m.8 views

WordPress PDF for Contact Form 7 + Drag and Drop Template Builder plugin <= 6.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Duplication vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Post Duplication vulnerability discovered by Legion Hunter in WordPress Plugin PDF for Contact Form 7 versions = 6.3.3...

5.3CVSS6.8AI score0.00207EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.13 views

PT-2025-50912

The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumber duplicate' function in all versions up to, and including, 6.3.3. This makes it possible for authenticated attackers,...

5.3CVSS5.5AI score0.00207EPSS
Exploits0References5
CNVD
CNVD
added 2025/11/27 12:0 a.m.3 views

WordPress plugin atec Duplicate Page & Post has an unspecified vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin atec Duplicate Page & Post 1.2.20 and earli...

5.3CVSS6.4AI score0.00231EPSS
Exploits0References1
CVE
CVE
added 2025/11/25 7:28 a.m.24 views

CVE-2025-13404

CVE-2025-13404 concerns the WordPress plugin “atec Duplicate Page & Post” (versions up to and including 1.2.20). The root cause is missing authorization validation in the duplicate_post() function, allowing authenticated users with Contributor-level access or higher to duplicate arbitrary posts, ...

5.3CVSS5.3AI score0.00231EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/25 7:28 a.m.7 views

CVE-2025-13404 atec Duplicate Page & Post <= 1.2.20 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication and Data Exposure

The atec Duplicate Page & Post plugin for WordPress is vulnerable to unauthorized post duplication due to missing authorization validation on the duplicatepost function in all versions up to, and including, 1.2.20. This makes it possible for authenticated attackers, with Contributor-level access...

5.3CVSS5.2AI score0.00231EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/25 12:0 a.m.6 views

WordPress plugin atec Duplicate Page & Post 安全漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin atec Duplicate Page & Post 1.2.20 and earli...

5.3CVSS6.3AI score0.00231EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/11/24 11:37 p.m.6 views

WordPress atec Duplicate Page & Post plugin <= 1.2.20 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication and Data Exposure vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary Post Duplication and Data Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin atec Duplicate Page & Post versions = 1.2.20...

5.3CVSS6.8AI score0.00231EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-1903

Malware in sbrugna...

6.5CVSS6.6AI score0.00529EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-49954

Malicious code in bioql PyPI...

4.3CVSS5AI score0.00231EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-48952

Malicious code in bioql PyPI...

5.4CVSS6.5AI score0.00309EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 10:31 a.m.9 views

CVE-2024-7836

The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicatepageajaxify function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate...

4.3CVSS6.5AI score0.0029EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:45 a.m.6 views

CVE-2024-4199

The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 4.2.3. This makes it possible for authenticated attackers, with subscriber access an...

4.3CVSS5.9AI score0.00296EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:18 a.m.8 views

CVE-2024-8123

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.0.8 via the duplicatepost function due to missing validation on a user controlled key. This makes it possible for authenticated attackers...

5.4CVSS6.5AI score0.00309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:54 a.m.17 views

CVE-2022-47179

Cross-Site Request Forgery CSRF vulnerability in Uwe Jacobs OWM Weather plugin = 5.6.11 leads to post duplication as a draft...

4.3CVSS7AI score0.00231EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/15 7:23 a.m.14 views

CVE-2025-0661

The DethemeKit For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the duplicatepost function due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with...

4.3CVSS9.3AI score0.00274EPSS
Exploits0References1
CVE
CVE
added 2025/02/13 6:58 a.m.78 views

CVE-2025-0661

CVE-2025-0661: DethemeKit For Elementor (WordPress) has information exposure due to insufficient restrictions in duplicate_post() handled by authenticated users (Contributor+). Affects all versions up to 2.36; attackers could duplicate posts (password-protected, private, draft, or scheduled) to e...

4.3CVSS6.8AI score0.00274EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2025/01/11 3:15 a.m.12 views

CVE-2024-12472

The Post Duplicator plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the mtphrduplicatepost function due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with Contributor-lev...

4.3CVSS0.00303EPSS
Exploits0References2
Rows per page
Query Builder