Lucene search
K

9 matches found

EUVD
EUVD
added yesterday6 views

EUVD-2026-43289

The Tutor LMS WordPress plugin before 3.9.13 does not verify that the requesting user is allowed to edit a target post before overwriting it in one of its content-builder save handlers, authorizing the request only against an unrelated identifier, allowing authenticated users with instructor-leve...

6.5CVSS6.1AI score0.00135EPSS
Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-12274

The Tutor LMS WordPress plugin before 3.9.13 does not verify that the requesting user is allowed to edit a target post before overwriting it in one of its content-builder save handlers, authorizing the request only against an unrelated identifier, allowing authenticated users with instructor-leve...

6.5CVSS0.00135EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday30 views

CVE-2026-12274 Tutor LMS < 3.9.13 - Instructor+ Arbitrary Post Overwrite via IDOR

The Tutor LMS WordPress plugin before 3.9.13 does not verify that the requesting user is allowed to edit a target post before overwriting it in one of its content-builder save handlers, authorizing the request only against an unrelated identifier, allowing authenticated users with instructor-leve...

0.00135EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42542

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.7 via the 'wpuffilesdata' parameter due to missing validation on a user controll...

5.3CVSS6AI score0.00243EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/03/18 2:29 a.m.8 views

WordPress Yoast Duplicate Post plugin <= 4.5 - Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite vulnerability

Authenticated Contributor+ Missing Authorization to Arbitrary Post Duplication and Overwrite vulnerability discovered by johska in WordPress Plugin Duplicate Post versions = 4.5...

5.4CVSS5.8AI score0.00171EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/13 8:25 a.m.2 views

CVE-2026-2879 GetGenie <= 4.3.2 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Post Overwrite/Deletion

The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2. This is due to missing validation on the id parameter in the create method of the GetGenieChat REST API endpoint. The method accepts a user-controlled post ID and, when...

5.4CVSS5.9AI score0.00281EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/13 8:25 a.m.25 views

CVE-2026-2879 GetGenie <= 4.3.2 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Post Overwrite/Deletion

The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2. This is due to missing validation on the id parameter in the create method of the GetGenieChat REST API endpoint. The method accepts a user-controlled post ID and, when...

5.4CVSS0.00281EPSS
Exploits0References4
NVD
NVD
added 2026/02/16 10:16 a.m.9 views

CVE-2026-0998

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 and Mattermost Plugin Zoom versions =1.11.0 fail to validate user identity and post ownership in the /api/v1/askPMI endpoint which allows unauthorized users to start Zoom meetings as any user and overwrite arbitrary posts via...

4.3CVSS0.00152EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/16 12:0 a.m.5 views

PT-2026-8329

Name of the Vulnerable Software and Affected Versions Mattermost versions 11.1.x through 11.1.2 Mattermost versions 10.11.x through 10.11.9 Mattermost versions 11.2.x through 11.2.1 Mattermost Plugin Zoom versions through 1.11.0 Description The software does not properly validate user identity an...

9.9CVSS5.2AI score0.34346EPSS
Exploits45References117
Rows per page
Query Builder