Lucene search
+L

506 matches found

CVE
CVE
added 2026/06/02 4:44 p.m.23 views

CVE-2026-40571

CVE-2026-40571 (NamelessMC) affects NamelessMC website software for Minecraft servers. In version 2.2.4, the file core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. As a result, authenticated low-privil...

5.3CVSS5.8AI score0.00235EPSS
Exploits0References1
OSV
OSV
added 2026/06/02 4:44 p.m.3 views

CVE-2026-40571 NamelessMC: Reactions on private or blocking profile posts can be modified without proper authorization

NamelessMC is website software for Minecraft servers. In version 2.2.4, core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. This means that authenticated low-privileged users can add reactions to private...

5.3CVSS6AI score0.00235EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 4:8 p.m.9 views

CVE-2026-40314

NamelessMC is website software for Minecraft servers. In version 2.2.4,core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. modules/Core/queries/reactions.php allows unauthenticated GET requests for...

6.9CVSS5.8AI score0.00272EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/02 4:8 p.m.10 views

CVE-2026-40314 NamelessMC: Reactions on private or blocking profile posts can be read and modified without proper authorization

NamelessMC is website software for Minecraft servers. In version 2.2.4,core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. modules/Core/queries/reactions.php allows unauthenticated GET requests for...

6.9CVSS5.8AI score0.00272EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 4:8 p.m.14 views

EUVD-2026-33976

NamelessMC is website software for Minecraft servers. In version 2.2.4,core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. modules/Core/queries/reactions.php allows unauthenticated GET requests for...

6.9CVSS5.8AI score0.00272EPSS
Exploits0References1
OSV
OSV
added 2026/06/02 4:8 p.m.3 views

CVE-2026-40314 NamelessMC: Reactions on private or blocking profile posts can be read and modified without proper authorization

NamelessMC is website software for Minecraft servers. In version 2.2.4,core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. modules/Core/queries/reactions.php allows unauthenticated GET requests for...

6.9CVSS5.9AI score0.00272EPSS
Exploits0References3
CVE
CVE
added 2026/06/02 4:8 p.m.22 views

CVE-2026-40314

NamelessMC (Minecraft server website software) 2.2.4 is affected by an authorization issue where core/classes/Misc/ProfilePostReactionContext.php only verifies the wall post exists and fails to enforce blocked/private-profile visibility, while modules/Core/queries/reactions.php permits unauthenti...

6.9CVSS5.8AI score0.00272EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.33 views

PT-2026-44747

Name of the Vulnerable Software and Affected Versions Breeze versions prior to 2.5.3 Description Improper verification of the wordpress logged in cookie in the inc/cache/execute-cache.php file occurs when the "Cache Logged-in Users" setting is enabled. The plugin uses the substr function to parse...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.13 views

WordPress plugin Breeze 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

WordPress plugin Timetable and Event Schedule by MotoPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3CVSS5.8AI score0.00218EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/14 8:24 a.m.43 views

CVE-2026-6206 MW WP Form <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure via 'post_id' Query Parameter

The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the getpostpropertyfromquerystring function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract da...

5.3CVSS0.00351EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/14 8:24 a.m.8 views

CVE-2026-6206 MW WP Form <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure via 'post_id' Query Parameter

The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the getpostpropertyfromquerystring function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract da...

5.3CVSS5.8AI score0.00351EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/14 8:24 a.m.9 views

CVE-2026-6206

The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the getpostpropertyfromquerystring function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract da...

5.3CVSS5.8AI score0.00351EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.17 views

PT-2026-40896

Name of the Vulnerable Software and Affected Versions MW WP Form versions prior to 5.1.3 Description Insufficient restrictions in the get post property from querystring function allow unauthenticated attackers to extract data from private, draft, or password-protected posts. Recommendations Updat...

5.3CVSS5.8AI score0.00351EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.17 views

WordPress plugin MW WP Form 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00351EPSS
Exploits0References1
NVD
NVD
added 2026/04/29 9:16 a.m.9 views

CVE-2026-4019

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5 This is due to the REST API endpoint at /wp-json/complianz/v1/consent-area/postid/blockid using returntrue as the permissioncallback, allowing any...

5.3CVSS0.00276EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/29 8:27 a.m.8 views

EUVD-2026-26200

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5 This is due to the REST API endpoint at /wp-json/complianz/v1/consent-area/postid/blockid using returntrue as the permissioncallback, allowing any...

5.3CVSS5.3AI score0.00276EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/29 8:27 a.m.3 views

CVE-2026-4019

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5 This is due to the REST API endpoint at /wp-json/complianz/v1/consent-area/postid/blockid using returntrue as the permissioncallback, allowing any...

5.3CVSS5.3AI score0.00276EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/04/29 8:27 a.m.2 views

CVE-2026-4019 Complianz – GDPR/CCPA Cookie Consent <= 7.4.5 - Missing Authorization to Unauthenticated Private Post Content Disclosure via Consent Area REST Endpoint

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5 This is due to the REST API endpoint at /wp-json/complianz/v1/consent-area/postid/blockid using returntrue as the permissioncallback, allowing any...

5.3CVSS5.3AI score0.00276EPSS
Exploits0References6
CVE
CVE
added 2026/04/29 8:27 a.m.24 views

CVE-2026-4019

The CVE-2026-4019 vulnerability affects the WordPress plugin Complianz – GDPR/CCPA Cookie Consent (versions up to and including 7.4.5). The REST endpoint /wp-json/complianz/v1/consent-area/{post_id}/{block_id} uses a permissive permission_callback (__return_true), enabling unauthenticated request...

5.3CVSS5.3AI score0.00276EPSS
Exploits0References6
Rows per page
Query Builder