Lucene search
K

500 matches found

Cvelist
Cvelist
added 2026/02/19 4:36 a.m.29 views

CVE-2025-13842 Breadcrumb NavXT <= 7.5.0 - Missing Authorization to Sensitive Information Exposure

The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $REQUEST'postid' parameter without verification in the...

5.3CVSS0.00322EPSS
Exploits0References3
CVE
CVE
added 2026/02/19 4:36 a.m.32 views

CVE-2025-13842

CVE-2025-13842 applies to the Breadcrumb NavXT WordPress plugin, affected up to version 7.5.0. The underlying issue is an authorization bypass: the Gutenberg block renderer trusts the $_REQUEST['post_id'] in includes/blocks/build/breadcrumb-trail/render.php, enabling unauthenticated users to enum...

5.3CVSS5.5AI score0.00322EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.12 views

PT-2026-20607

The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $ REQUEST'post id' parameter without verification in the...

5.3CVSS5.5AI score0.00322EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.13 views

PT-2026-20776

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 4.0 to 5.10 via the 'load track note ajax' due to missing validation on a user controlled key. This makes it possible for unauthenticated...

5.3CVSS5.6AI score0.00245EPSS
Exploits0References4
NVD
NVD
added 2026/02/18 5:16 a.m.10 views

CVE-2025-12074

The Context Blog theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.5 via the 'contextblogmodalpopup' due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from passwor...

5.3CVSS0.00336EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/18 4:35 a.m.25 views

CVE-2025-12074 Context Blog <= 1.2.5 - Unauthenticated Private Post Disclosure

The Context Blog theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.5 via the 'contextblogmodalpopup' due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from passwor...

5.3CVSS0.00336EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/18 4:35 a.m.5 views

CVE-2025-12074 Context Blog <= 1.2.5 - Unauthenticated Private Post Disclosure

The Context Blog theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.5 via the 'contextblogmodalpopup' due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from passwor...

5.3CVSS5.6AI score0.00336EPSS
Exploits0References5
CVE
CVE
added 2026/02/18 4:35 a.m.22 views

CVE-2025-12074

CVE-2025-12074 affects Context Blog (WordPress theme) up to version 1.2.5, enabling unauthenticated information exposure through context_blog_modal_popup due to insufficient post-access restrictions. Impact is exposure of data from password-protected, private, or draft posts. Public advisories fr...

5.3CVSS5.6AI score0.00336EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/02/05 8:37 p.m.7 views

WordPress Relevanssi Premium plugin < 2.25.0 - Unauthenticated Private/Draft Post Disclosure vulnerability

Unauthenticated Private/Draft Post Disclosure vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin Relevanssi Premium versions 2.25.0...

5.3CVSS5.3AI score0.00616EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2026/02/05 8:36 p.m.7 views

WordPress Relevanssi plugin < 4.22.0 - Unauthenticated Private/Draft Post Disclosure vulnerability

Unauthenticated Private/Draft Post Disclosure vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin Relevanssi versions 4.22.0...

5.3CVSS5.3AI score0.00616EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2026/01/31 5:16 a.m.10 views

CVE-2025-15525

The Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parsecustomargs function in all versions up to, and including, 7.8.1. This makes it possible for unauthenticated attackers to expose...

5.3CVSS0.00264EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/31 4:35 a.m.33 views

CVE-2025-15525 Ajax Load More – Infinite Scroll, Lazy Load & Load More <= 7.8.1 - Incorrect Authorization to Unauthenticated Private/Draft Post Title and Excerpt Exposure

The Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parsecustomargs function in all versions up to, and including, 7.8.1. This makes it possible for unauthenticated attackers to expose...

5.3CVSS0.00264EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/31 4:35 a.m.3 views

CVE-2025-15525 Ajax Load More – Infinite Scroll, Lazy Load & Load More <= 7.8.1 - Incorrect Authorization to Unauthenticated Private/Draft Post Title and Excerpt Exposure

The Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parsecustomargs function in all versions up to, and including, 7.8.1. This makes it possible for unauthenticated attackers to expose...

5.3CVSS5.4AI score0.00264EPSS
Exploits0References2
CVE
CVE
added 2026/01/31 4:35 a.m.20 views

CVE-2025-15525

CVE-2025-15525 affects the WordPress plugin “Ajax Load More – Infinite Scroll, Load More, & Lazy Load.” The vulnerability arises from incorrect authorization in the parse_custom_args() function, allowing unauthenticated users to view titles and excerpts of private, draft, pending, scheduled, and ...

5.3CVSS5.9AI score0.00264EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/31 4:35 a.m.6 views

EUVD-2025-206596

The Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parsecustomargs function in all versions up to, and including, 7.8.1. This makes it possible for unauthenticated attackers to expose...

5.3CVSS5.9AI score0.00264EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/31 12:0 a.m.10 views

PT-2026-5501

The Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parse custom args function in all versions up to, and including, 7.8.1. This makes it possible for unauthenticated attackers to expo...

5.3CVSS5.9AI score0.00264EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/31 12:0 a.m.6 views

WordPress plugin Ajax Load More – Infinite Scroll, Load More, & Lazy Load security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.3CVSS5.8AI score0.00264EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/01/30 1:43 a.m.9 views

WordPress BuddyBoss Platform plugin < 2.6.0 - Subscriber+ Comment on Private Post via IDOR vulnerability

Subscriber+ Comment on Private Post via IDOR vulnerability discovered by Faris Krivic in WordPress Plugin Buddyboss Platform versions 2.6.0...

4.3CVSS5.9AI score0.00375EPSS
Exploits2References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/26 3:12 a.m.18 views

CVE-2025-6461

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...

4.3CVSS5.6AI score0.00196EPSS
Exploits0References1
NVD
NVD
added 2026/01/25 3:15 a.m.7 views

CVE-2025-6461

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...

4.3CVSS0.00196EPSS
Exploits0References2
Rows per page
Query Builder