48 matches found

Vulnrichment
added 2026/04/04 7:42 a.m., 4 views

CVE-2026-4896 WCFM - WooCommerce Frontend Manager <= 6.7.25 - Insecure Direct Object References to Authenticated (Vendor+) Arbitrary Post/Product Manipulation

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including wcfmmodifyorderstatus, deletewcfmarticle,...

CVSS 8.1 | AI score 5.9 | EPSS 0.00351
Exploits: 0 | References: 3
RedhatCVE
added 2026/01/09 9:26 a.m., 6 views

CVE-2023-4923

The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobebulkoperationsdelete function. This makes it possible for unauthenticated attackers to delete products via a forged reques...

CVSS 5.4 | AI score 5.3 | EPSS 0.00288
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/07 9:37 a.m., 8 views

CVE-2019-7925

An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an administrator with limited privileges to delete the downloadable products folder...

CVSS 5.5 | AI score 6.7 | EPSS 0.0073
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/07 6:5 a.m., 8 views

CVE-2025-12720

The g-FFL Cockpit plugin for WordPress is vulnerable to unauthorized modification of data due to IP-based authorization that can be spoofed in the handleenqueueonly function in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to delete arbitrary...

CVSS 5.3 | AI score 6.1 | EPSS 0.00235
Exploits: 0 | References: 1
EUVD
added 2025/12/06 6:30 a.m., 4 views

EUVD-2025-201531

The g-FFL Cockpit plugin for WordPress is vulnerable to unauthorized modification of data due to IP-based authorization that can be spoofed in the handleenqueueonly function in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to delete arbitrary...

CVSS 5.3 | AI score 5.7 | EPSS 0.00235
Exploits: 0 | References: 5
Vulnrichment
added 2025/12/06 5:49 a.m., 2 views

CVE-2025-12720 g-FFL Cockpit <= 1.7.1 - Improper Authorization to Unauthenticated Product Deletion

The g-FFL Cockpit plugin for WordPress is vulnerable to unauthorized modification of data due to IP-based authorization that can be spoofed in the handleenqueueonly function in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to delete arbitrary...

CVSS 5.3 | AI score 5.7 | EPSS 0.00235
Exploits: 0 | References: 5
NVD
added 2025/12/05 8:15 a.m., 5 views

CVE-2025-12130

The WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.4. This is due to missing or incorrect nonce validation on the /vendor_dashboard/product/delete/ endpoint...

CVSS 4.3 | EPSS 0.00102
Exploits: 0 | References: 2
CVE
added 2025/12/05 7:26 a.m., 11 views

CVE-2025-12130

CVE-2025-12130 concerns the WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors WordPress plugin. Wordfence and NVD indicate a Cross-Site Request Forgery (CSRF) vulnerability due to missing/incorrect nonce validation on the /vendor_dashboard/product/delete/ endpoint, al...

CVSS 4.3 | AI score 4.9 | EPSS 0.00102
Exploits: 0 | References: 2
Cvelist
added 2025/12/05 7:26 a.m., 24 views

CVE-2025-12130 WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors <= 2.6.4 - Cross-Site Request Forgery to Vendor Product Deletion

The WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.4. This is due to missing or incorrect nonce validation on the /vendor_dashboard/product/delete/ endpoint...

CVSS 4.3 | EPSS 0.00102
Exploits: 0 | References: 2
Positive Technologies
added 2025/12/05 12:0 a.m., 6 views

PT-2025-49231

The WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.4. This is due to missing or incorrect nonce validation on the /vendor_dashboard/product/delete/ endpoint...

CVSS 4.3 | AI score 5.3 | EPSS 0.00102
Exploits: 0 | References: 3
Patchstack
added 2025/12/04 11:17 p.m., 6 views

WordPress WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin <= 2.6.4 - Cross-Site Request Forgery to Vendor Product Deletion vulnerability

Cross-Site Request Forgery to Vendor Product Deletion vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin WC Vendors Marketplace versions = 2.6.4...

CVSS 4.3 | AI score 6.7 | EPSS 0.00102
Exploits: 0 | References: 1 | Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2015-4373

Malware in sbrugna...

CVSS 6.8 | AI score 6.4 | EPSS 0.00649
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2011-4332

Malware in sbrugna...

CVSS 5.8 | AI score 6.4 | EPSS 0.01714
Exploits: 3 | References: 4
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2019-17690

Malware in sbrugna...

CVSS 5.3 | AI score 5.6 | EPSS 0.01886
Exploits: 1 | References: 6
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2023-54759

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 6.1 | EPSS 0.00288
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2022-53269

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.4 | EPSS 0.01068
Exploits: 1 | References: 1
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-54760

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 6.1 | EPSS 0.00273
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-2993

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 5.5 | EPSS 0.0073
Exploits: 0 | References: 4
EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2023-54762

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 6.1 | EPSS 0.00288
Exploits: 0 | References: 3
Veracode
added 2025/09/15 5:19 a.m., 6 views

Improper Access Control

unopim/unopim is vulnerable to Improper Access Control. The vulnerability is due to insufficient privilege enforcement on the mass-delete endpoint, which allows an attacker without "Delete" permissions to bypass restrictions and delete products...

CVSS 8.1 | AI score 6.8 | EPSS 0.00387
Exploits: 1 | References: 7 | Affected Software: 1