6279 matches found

EUVD
added 2025/11/18 12:30 p.m., 6 views

EUVD-2025-197964

The WP Duplicate Page plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'saveSettings' function. This makes it possible for authenticated...

4.3 CVSS, 5.2 AI score, 0.00207 EPSS
Exploits: 0, References: 5

NVD
added 2025/11/18 10:15 a.m., 5 views

CVE-2025-12481

The WP Duplicate Page plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'saveSettings' function. This makes it possible for authenticated...

4.3 CVSS, 0.00207 EPSS
Exploits: 0, References: 4

Cvelist
added 2025/11/18 9:27 a.m., 11 views

CVE-2025-12481 WP Duplicate Page <= 1.7 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure

The WP Duplicate Page plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'saveSettings' function. This makes it possible for authenticated...

4.3 CVSS, 0.00207 EPSS
Exploits: 0, References: 4

CVE
added 2025/11/18 9:27 a.m., 9 views

CVE-2025-12481

The vulnerability CVE-2025-12481 affects the WP Duplicate Page plugin for WordPress (versions up to 1.7). Root cause: Missing authorization checks in saveSettings allow authenticated users with Contributor+ privileges to modify plugin settings that control capabilities, enabling them to duplicate...

4.3 CVSS, 5.2 AI score, 0.00207 EPSS
Exploits: 0, References: 4

Vulnrichment
added 2025/11/18 9:27 a.m., 5 views

CVE-2025-12481 WP Duplicate Page <= 1.7 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure

The WP Duplicate Page plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'saveSettings' function. This makes it possible for authenticated...

4.3 CVSS, 5.2 AI score, 0.00207 EPSS
Exploits: 0, References: 4

Cvelist
added 2025/11/18 9:27 a.m., 12 views

CVE-2025-11734 Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links <= 1.2.5 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Trashing

The Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization in all versions up to, and including, 1.2.5. This is due to the plugin registering a REST API endpoint that only...

5.4 CVSS, 0.00194 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2025/11/18 6:43 a.m., 4 views

CVE-2025-12524 Post Type Switcher <= 4.0.0 - Insecure Direct Object Reference to Authenticated (Author+) Post Type Change

The Post Type Switcher plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.0.0 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to modify the post type...

5.4 CVSS, 5.3 AI score, 0.0025 EPSS
Exploits: 0, References: 6

Positive Technologies
added 2025/11/18 12:0 a.m., 6 views

PT-2025-47281

Name of the Vulnerable Software and Affected Versions: WP Duplicate Page plugin versions prior to 1.8. Description: The WP Duplicate Page plugin for WordPress is affected by a missing authorization issue. The plugin does not properly verify user authorization to perform actions within the saveSettin...

4.3 CVSS, 5.9 AI score, 0.00207 EPSS
Exploits: 0, References: 7

Circl
added 2025/11/17 11:20 p.m., 7 views

CVE-2025-13223

creationtimestamp | type | source
---|---|---
2025-11-17 23:20:14+00:00 | seen | https://bsky.app/profile/baldanders.info/post/3m5uefi3p7k2y
2025-11-17 23:30:35+00:00 | seen | https://bsky.app/profile/spiegel.goark.fedicity.net.ap.brid.gy/post/3m5uesnjmb4p2
2025-11-17 23:50:01+00:00 | seen | ...

8.8 CVSS, 7.5 AI score, 0.04835 EPSS
Exploits: 1, References: 96

RedhatCVE
added 2025/11/14 10:11 a.m., 10 views

CVE-2025-64262

Cross-Site Request Forgery (CSRF) vulnerability in ramon fincken Auto Prune Posts auto-prune-posts allows Cross Site Request Forgery. This issue affects Auto Prune Posts: from n/a through <= 3.0.0...

6.5 CVSS, 6.9 AI score, 0.00113 EPSS
Exploits: 0, References: 1

Snyk
added 2025/11/14 8:43 a.m., 4 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the MSTeams plugin OAuth flow. An attacker can modify arbitrary posts by sending a crafted OAuth redirect URL. Remediation: Upgrade...

5.4 CVSS, 6.5 AI score, 0.0016 EPSS
Exploits: 0, References: 2

Snyk
added 2025/11/14 8:43 a.m., 3 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the MSTeams plugin OAuth flow. An attacker can modify arbitrary posts by sending a crafted OAuth redirect URL. Remediation: Upgrade...

5.4 CVSS, 6.5 AI score, 0.0016 EPSS
Exploits: 0, References: 2

Cvelist
added 2025/11/14 8:3 a.m., 9 views

CVE-2025-55073 MS Teams plugin OAuth allows editing arbitrary posts

Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11, 10.12.x <= 10.12.0 fail to validate the relationship between the post being updated and the MSTeams plugin OAuth flow, which allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL...

5.4 CVSS, 0.0016 EPSS
Exploits: 0, References: 1

Circl
added 2025/11/13 10:31 p.m., 12 views

CVE-2025-13131

creationtimestamp | type | source
---|---|---
2025-11-13 22:31:02+00:00 | seen | https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m5k7r6vwkso2
2025-11-13 22:56:22+00:00 | seen | https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m5kb5m5gr5w2
2025-11-14...

8.5 CVSS, 7.6 AI score, 0.00113 EPSS
Exploits: 0, References: 3

Circl
added 2025/11/13 10:22 p.m., 4 views

CVE-2025-36250

creationtimestamp | type | source
---|---|---
2025-11-13 22:22:12+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115544721445633757
2025-11-13 22:30:51+00:00 | seen | https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m5k7qnx74722
2025-11-13 22:56:55+00:00 | seen | ...

10 CVSS, 6 AI score, 0.00618 EPSS
Exploits: 0, References: 12

EUVD
added 2025/11/13 12:31 p.m., 2 views

EUVD-2025-163783

Cross-Site Request Forgery (CSRF) vulnerability in ramon fincken Auto Prune Posts auto-prune-posts allows Cross Site Request Forgery. This issue affects Auto Prune Posts: from n/a through <= 3.0.0...

6.5 CVSS, 6.3 AI score, 0.00113 EPSS
Exploits: 0, References: 2

NVD
added 2025/11/13 10:15 a.m., 3 views

CVE-2025-64262

Cross-Site Request Forgery (CSRF) vulnerability in ramon fincken Auto Prune Posts auto-prune-posts allows Cross Site Request Forgery. This issue affects Auto Prune Posts: from n/a through <= 3.0.0...

6.5 CVSS, 0.00113 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/11/13 9:24 a.m., 3 views

CVE-2025-64262 WordPress Auto Prune Posts plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ramon fincken Auto Prune Posts auto-prune-posts allows Cross Site Request Forgery. This issue affects Auto Prune Posts: from n/a through <= 3.0.0...

6.5 CVSS, 6.5 AI score, 0.00113 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/11/13 9:24 a.m., 9 views

CVE-2025-64262 WordPress Auto Prune Posts plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ramon fincken Auto Prune Posts auto-prune-posts allows Cross Site Request Forgery. This issue affects Auto Prune Posts: from n/a through <= 3.0.0...

6.5 CVSS, 0.00113 EPSS
Exploits: 0, References: 1

CVE
added 2025/11/13 9:24 a.m., 10 views

CVE-2025-64262

CVE-2025-64262 is a CSRF vulnerability in the WordPress plugin Auto Prune Posts (versions

6.5 CVSS, 6.5 AI score, 0.00113 EPSS
Exploits: 0, References: 1