Lucene search
K

80 matches found

Cvelist
Cvelist
added 2025/12/21 2:20 a.m.16 views

CVE-2025-14080 Frontend Post Submission Manager Lite <= 1.2.5 - Missing Authorization to Unauthenticated Arbitrary Post Modification

The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.5. This is due to missing authorization checks on the post update functionality in the fpsmlformprocess AJAX action. This makes it possible for...

5.3CVSS0.0024EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/21 12:0 a.m.8 views

PT-2025-52576

Name of the Vulnerable Software and Affected Versions Frontend Post Submission Manager Lite plugin versions through 1.2.5 Description The Frontend Post Submission Manager Lite plugin for WordPress has an issue where authorization checks are missing on the post update functionality within the fpsm...

5.3CVSS6.7AI score0.0024EPSS
Exploits0References8
Snyk
Snyk
added 2025/11/14 8:43 a.m.2 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the MSTeams plugin OAuth flow. An attacker can modify arbitrary posts by sending a crafted OAuth redirect URL. Remediation Upgrade github.com/mattermost/mattermost/server/public/model to...

5.4CVSS6.5AI score0.00163EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/14 8:43 a.m.1 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the MSTeams plugin OAuth flow. An attacker can modify arbitrary posts by sending a crafted OAuth redirect URL. Remediation Upgrade github.com/mattermost/mattermost/server/channels/web to...

5.4CVSS6.5AI score0.00163EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/14 8:43 a.m.1 views

Missing Authentication for Critical Function

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the MSTeams plugin OAuth flow. An attacker can modify arbitrary posts by sending a crafted OAuth...

5.4CVSS6.5AI score0.00163EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/14 8:43 a.m.1 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the MSTeams plugin OAuth flow. An attacker can modify arbitrary posts by sending a crafted OAuth redirect URL. Remediation Upgrade github.com/mattermost/mattermost/server/channels/store t...

5.4CVSS6.9AI score0.00163EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/14 8:43 a.m.1 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the MSTeams plugin OAuth flow. An attacker can modify arbitrary posts by sending a crafted OAuth redirect URL. Remediation Upgrade github.com/mattermost/mattermost/server/channels/api4 to...

5.4CVSS6.9AI score0.00163EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/14 8:43 a.m.1 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the MSTeams plugin OAuth flow. An attacker can modify arbitrary posts by sending a crafted OAuth redirect URL. Remediation Upgrade...

5.4CVSS6.7AI score0.00163EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/14 8:43 a.m.2 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the MSTeams plugin OAuth flow. An attacker can modify arbitrary posts by sending a crafted OAuth redirect URL. Remediation Upgrade...

5.4CVSS6.9AI score0.00163EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/14 8:43 a.m.3 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the MSTeams plugin OAuth flow. An attacker can modify arbitrary posts by sending a crafted OAuth redirect URL. Remediation Upgrade...

5.4CVSS6.5AI score0.00163EPSS
Exploits0References2
CVE
CVE
added 2025/11/05 12:0 a.m.11 views

CVE-2025-57244

OpenKM Community Edition 6.3.12 is listed as vulnerable to a stored cross-site scripting (XSS) flaw in the user account creation interface. The affected component is the registration form where the Name field accepts script tags and the Email field is vulnerable when a POST request is modified to...

5.4CVSS5.5AI score0.00197EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-11840

Malware in sbrugna...

6.5CVSS6.4AI score0.00889EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-30320

Malware in sbrugna...

6.5CVSS6.5AI score0.00961EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-12595

Malicious code in bioql PyPI...

7.6CVSS4.9AI score0.0065EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-12464

Malicious code in bioql PyPI...

5.4CVSS5AI score0.00512EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-17575

Malicious code in bioql PyPI...

6.3CVSS8.9AI score0.0052EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 8:45 a.m.5 views

CVE-2024-4199

The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 4.2.3. This makes it possible for authenticated attackers, with subscriber access an...

4.3CVSS5.9AI score0.00296EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:38 a.m.12 views

CVE-2024-4874

The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and...

4.3CVSS6.5AI score0.00314EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:40 a.m.10 views

CVE-2023-0555

The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those...

8.1CVSS4.2AI score0.00602EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/04/22 12:33 p.m.4 views

WordPress wProject theme < 5.8.0 - Unauthenticated Post/Comment/Attachment Modification/Deletion vulnerability

Unauthenticated Post/Comment/Attachment Modification/Deletion vulnerability discovered by Dave Jong Patchstack in WordPress Theme wProject versions 5.8.0...

8.2CVSS7AI score0.0027EPSS
Exploits0Affected Software1
Rows per page
Query Builder