Lucene search
K

7 matches found

Nuclei
Nuclei
added 7 hours ago15 views

WordPress Bookit < 2.5.1 - Unauthenticated Stripe Settings Update

Bookit WordPress plugin 2.5.1 contains a broken access control vulnerability caused by a publicly accessible REST endpoint allowing unauthenticated update of Stripe payment options, letting remote attackers modify payment settings without authentication. id: CVE-2025-12841 info: name: WordPress...

5.3CVSS6AI score0.00654EPSS
Exploits0References3
NVD
NVD
added 2026/06/15 8:16 a.m.15 views

CVE-2026-8386

The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing unauthenticated users to retrieve marker records that an administrator has not yet approved for public display, including any PII placed in the address...

5.3CVSS0.00225EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 6:0 a.m.13 views

EUVD-2026-36698

The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing unauthenticated users to retrieve marker records that an administrator has not yet approved for public display, including any PII placed in the address...

5.3CVSS5.3AI score0.00225EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 6:0 a.m.6 views

CVE-2026-8386 WP Go Maps < 10.0.10 - Unauthenticated Sensitive Information Disclosure via Marker ID

The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing unauthenticated users to retrieve marker records that an administrator has not yet approved for public display, including any PII placed in the address...

5.3AI score0.00225EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.6 views

PT-2026-26795

The WowOptin: Next-Gen Popup Maker plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.4.29. This is due to the plugin exposing a publicly accessible REST API endpoint optn/v1/integration-action with a permission callback of return true that...

7.2CVSS5.9AI score0.00299EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2025/12/13 11:6 a.m.5 views

CVE-2025-12841

The Bookit WordPress plugin before 2.5.1 has a publicly accessible REST endpoint that allows unauthenticated update of the plugins Stripe payment options...

5.3CVSS7AI score0.00654EPSS
Exploits0References1
CVE
CVE
added 2025/12/06 5:49 a.m.21 views

CVE-2025-13666

CVE-2025-13666 refers to the Helloprint WordPress plugin (WordPress Helloprint plugin) with vulnerability in versions up to and including 2.1.2. The issue is Missing Authorization due to a publicly registered REST API endpoint that does not verify request authenticity, enabling unauthenticated ac...

5.3CVSS5.7AI score0.00236EPSS
Exploits0References3
Rows per page
Query Builder