Lucene search
K

34 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.9 views

CVE-2026-1541

The Avada Fusion Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to the plugin's fusiongetpostcustomfield function failing to validate whether metadata keys are protected underscore-prefixed. This makes it...

4.3CVSS5.4AI score0.00269EPSS
Exploits0References1
NVD
NVD
added 2026/04/15 4:17 a.m.10 views

CVE-2026-1541

The Avada Fusion Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to the plugin's fusiongetpostcustomfield function failing to validate whether metadata keys are protected underscore-prefixed. This makes it...

4.3CVSS0.00269EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.10 views

WordPress plugin Avada (Fusion) Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

4.3CVSS5.8AI score0.00269EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.8 views

PT-2026-32995

The Avada Fusion Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to the plugin's fusion get post custom field function failing to validate whether metadata keys are protected underscore-prefixed. This makes it...

4.3CVSS5.7AI score0.00269EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/26 10:14 a.m.6 views

CVE-2026-2301

The Post Duplicator plugin for WordPress is vulnerable to unauthorized arbitrary protected post meta insertion in all versions up to, and including, 3.0.8. This is due to the duplicatepost function in includes/api.php using $wpdb-insert directly to the wppostmeta table instead of WordPress's...

4.3CVSS5.5AI score0.00211EPSS
Exploits0References1
NVD
NVD
added 2026/02/25 10:16 a.m.11 views

CVE-2026-2301

The Post Duplicator plugin for WordPress is vulnerable to unauthorized arbitrary protected post meta insertion in all versions up to, and including, 3.0.8. This is due to the duplicatepost function in includes/api.php using $wpdb-insert directly to the wppostmeta table instead of WordPress's...

4.3CVSS0.00211EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/25 9:26 a.m.5 views

CVE-2026-2301

The Post Duplicator plugin for WordPress is vulnerable to unauthorized arbitrary protected post meta insertion in all versions up to, and including, 3.0.8. This is due to the duplicatepost function in includes/api.php using $wpdb-insert directly to the wppostmeta table instead of WordPress's...

4.3CVSS5.5AI score0.00211EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/25 9:26 a.m.31 views

CVE-2026-2301 Post Duplicator <= 3.0.8 - Missing Authorization to Authenticated (Contributor+) Protected Post Meta Insertion via 'customMetaData' Parameter

The Post Duplicator plugin for WordPress is vulnerable to unauthorized arbitrary protected post meta insertion in all versions up to, and including, 3.0.8. This is due to the duplicatepost function in includes/api.php using $wpdb-insert directly to the wppostmeta table instead of WordPress's...

4.3CVSS0.00211EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/11 9:27 a.m.5 views

CVE-2026-2295

The WPZOOM Addons for Elementor – Starter Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajaxpostgridloadmore' function in all versions up to, and including, 1.3.2. This makes it possible for unauthenticated attacker...

5.3CVSS5.5AI score0.00325EPSS
Exploits0References4
CVE
CVE
added 2026/02/11 9:27 a.m.26 views

CVE-2026-2295

CVE-2026-2295 affects the WordPress plugin “WPZOOM Addons for Elementor – Starter Templates & Widgets” up to version 1.3.2, exposing protected post titles and excerpts via an unauthenticated request to ajax_post_grid_load_more due to a missing capability check. Multiple sources (Wordfence, CVE en...

5.3CVSS5.5AI score0.00325EPSS
Exploits0References3
NVD
NVD
added 2025/11/25 8:15 a.m.6 views

CVE-2025-12525

The Locker Content plugin for WordPress is vulnerable to Sensitive Information Exposure in version 1.0.0 via the 'lockercosubmitpost' AJAX endpoint. This makes it possible for unauthenticated attackers to extract content from posts that has been protected by the plugin...

5.3CVSS0.00256EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/25 7:28 a.m.18 views

CVE-2025-12525 Locker Content <= 1.0.0 - Unauthenticated Information Exposure

The Locker Content plugin for WordPress is vulnerable to Sensitive Information Exposure in version 1.0.0 via the 'lockercosubmitpost' AJAX endpoint. This makes it possible for unauthenticated attackers to extract content from posts that has been protected by the plugin...

5.3CVSS0.00256EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.9 views

PT-2025-47998

The Locker Content plugin for WordPress is vulnerable to Sensitive Information Exposure in version 1.0.0 via the 'lockerco submit post' AJAX endpoint. This makes it possible for unauthenticated attackers to extract content from posts that has been protected by the plugin...

5.3CVSS6.4AI score0.00256EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/07/04 12:0 a.m.3 views

WordPress plugin DocCheck Login 访问控制错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. An Access Control Error vulnerability exists in WordPress DocCheck Login, which originates from a page load that redirects a user to login, and can be exploited by an...

5.3CVSS6.6AI score0.00297EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 9:4 p.m.8 views

CVE-2021-24635

The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user such as subscriber to call them and 1 Get and search through title and content of Draft post, ...

5.5CVSS6.7AI score0.00615EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/03/08 9:22 a.m.12 views

CVE-2025-1322 WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Authenticated (Contributor+) Protected Post Disclosure

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 16.26.10 via the 'feed' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated...

4.3CVSS4.7AI score0.00417EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/03/08 3:58 a.m.4 views

WordPress WP-Recall plugin <= 16.26.10 - Authenticated (Contributor+) Protected Post Disclosure vulnerability

Authenticated Contributor+ Protected Post Disclosure vulnerability discovered by Krzysztof Zając in WordPress Plugin WP-Recall versions = 16.26.10...

4.3CVSS9.1AI score0.00417EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/12/25 6:42 a.m.10 views

CVE-2024-12335 Avada Builder <= 3.11.12 - Authenticated (Contributor+) Protected Post Disclosure

The Avada Fusion Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.11.12 via the handleclonepost function and the 'fusionblog' shortcode and due to insufficient restrictions on which posts can be included. This makes it possible for...

4.3CVSS6.8AI score0.00359EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/12/24 10:12 p.m.7 views

WordPress Avada Builder plugin <= 3.11.12 - Authenticated (Contributor+) Protected Post Disclosure vulnerability

Authenticated Contributor+ Protected Post Disclosure vulnerability discovered by Webbernaut in WordPress Plugin Fusion Builder versions = 3.11.12...

4.3CVSS7AI score0.00359EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/12 12:0 a.m.18 views

Element Pack Elementor Addons < 5.6.0 - Sensitive Information Exposure via element_pack_ajax_search

Description The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.5.6 via the elementpackajaxsearch function. This makes it possible for...

7.5CVSS7AI score0.00492EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder