
8 matches found

NVD
added 2026/05/05 7:16 a.m. | 12 views

CVE-2026-3454

The GenerateBlocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.0. This is due to missing object-level authorization checks in the /wp-json/generateblocks/v1/dynamic-tag-replacements REST endpoint. The endpoint only verifies that...

CVSS 6.5 | EPSS 0.00539 | Exploits 0 | References 8
ATTACKERKB
added 2026/05/05 6:43 a.m. | 5 views

CVE-2026-3454

The GenerateBlocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.0. This is due to missing object-level authorization checks in the /wp-json/generateblocks/v1/dynamic-tag-replacements REST endpoint. The endpoint only verifies that...

CVSS 6.5 | AI score 5.9 | EPSS 0.00539 | Exploits 0 | References 9
ATTACKERKB
added 2026/02/10 9:26 a.m. | 5 views

CVE-2026-2268

The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. This is due to the unsafe application of the ninjaformsmergetags filter to user-supplied input within repeater fields, which allows the resolution of postmeta:KEY mer...

CVSS 7.5 | AI score 5.7 | EPSS 0.00331 | Exploits 2 | References 6
Positive Technologies
added 2026/02/10 12:0 a.m. | 7 views

PT-2026-7248

The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. This is due to the unsafe application of the ninja forms merge tags filter to user-supplied input within repeater fields, which allows the resolution of post meta:KEY...

CVSS 7.5 | AI score 5.7 | EPSS 0.00331 | Exploits 2 | References 7
CVE
added 2026/01/07 6:36 a.m. | 21 views

CVE-2025-13371

CVE-2025-13371 refers to Money Space (Money Space) WordPress plugin. The vulnerability affects all versions up to 2.13.9 and arises from the plugin storing full card data (PAN, cardholder name, expiry, CVV) in WordPress post_meta encoded with base64, then embedding these values into the public ms...

CVSS 8.6 | AI score 5.8 | EPSS 0.00372 | Exploits 0 | References 6
Cvelist
added 2025/11/13 3:27 a.m. | 5 views

CVE-2025-12536 SureForms <= 1.13.1 - Missing Authorization to Unauthenticated Sensitive Information Exposure

The SureForms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.1 via the 'srfmemailnotification' post meta registration. This is due to setting the 'auth_callback' parameter to '__return_true', which allows unauthenticated access to the...

CVSS 5.3 | EPSS 0.00757 | Exploits 0 | References 3
Vulnrichment
added 2025/03/14 4:22 a.m. | 5 views

CVE-2025-1528 Search and filter pro <= 2.5.19 - Missing Authorization to Authenticated (Subscriber+) Post Meta Exposure

The Search & Filter Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getmetavalues' function in all versions up to, and including, 2.5.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 4.3 | AI score 4.4 | EPSS 0.00235 | Exploits 0 | References 2
Patchstack
added 2025/03/13 5:18 p.m. | 4 views

WordPress Search Filter Pro plugin <= 2.5.19 - Missing Authorization to Authenticated (Subscriber+) Post Meta Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Post Meta Exposure vulnerability discovered by Tom Broucke in WordPress Plugin Search Filter Pro versions <= 2.5.19...

CVSS 4.3 | AI score 8.8 | EPSS 0.00235 | Exploits 0 | References 1 | Affected Software 1