Lucene search
K

263 matches found

Cvelist
Cvelist
added 2026/01/17 7:27 a.m.27 views

CVE-2025-12129 CubeWP – All-in-One Dynamic Content Framework <= 1.1.27 - Unauthenticated Information Exposure

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp-posts/v1/query REST API endpoints due to insufficient restrictions on which posts can be include...

5.3CVSS0.00219EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/17 12:0 a.m.10 views

PT-2026-3353

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp-posts/v1/query REST API endpoints due to insufficient restrictions on which posts can be include...

5.3CVSS6.2AI score0.00219EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.5 views

CVE-2025-14279

MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An...

8.1CVSS6.9AI score0.00193EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/01/12 9:30 a.m.10 views

MLFlow is vulnerable to DNS rebinding attacks due to a lack of Origin header validation

MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An...

8.1CVSS6.9AI score0.00193EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/01/12 9:15 a.m.9 views

CVE-2025-14279

MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An...

8.1CVSS0.00193EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/12 12:0 a.m.6 views

PT-2026-1734

Name of the Vulnerable Software and Affected Versions MLFlow versions up to and including 3.4.0 Description MLFlow versions up to and including 3.4.0 are susceptible to DNS rebinding attacks because of missing Origin header validation within the MLFlow REST server. This allows malicious websites ...

8.1CVSS7.9AI score0.00193EPSS
Exploits1References16
OSV
OSV
added 2025/12/17 7:15 a.m.2 views

CVE-2025-11924

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.13.2. This is due to the plugin not properly verifying that a user is authorized before the ninja-forms-views REST endpoints...

7.5CVSS5.8AI score0.00364EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/17 6:42 a.m.11 views

EUVD-2025-203882

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.13.2. This is due to the plugin not properly verifying that a user is authorized before the ninja-forms-views REST endpoints...

7.5CVSS5.5AI score0.00364EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/14 4:6 a.m.10 views

CVE-2025-12512

The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the plugin registering multiple REST API routes under generateblocks/v1/meta/ that gate access with...

4.3CVSS5.7AI score0.00342EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/13 6:30 p.m.6 views

EUVD-2025-203187

The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the plugin registering multiple REST API routes under generateblocks/v1/meta/ that gate access with...

4.3CVSS5.3AI score0.00342EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.6 views

WordPress plugin Bookit 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

5.3CVSS6.5AI score0.00654EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/05 10:57 a.m.33 views

CVE-2025-13620 Wp Social Login and Register Social Counter <= 3.1.3 - Missing Authorization in Cache REST Endpoints to Social Counter Tampering

The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to missing authorization in versions up to, and including, 3.1.3. This is due to the REST routes wslu/v1/checkcache/type, wslu/v1/savecache/type, and wslu/v1/settings/clearcountercache being registered with...

5.3CVSS0.00341EPSS
Exploits0References3
CVE
CVE
added 2025/12/05 10:57 a.m.24 views

CVE-2025-13620

CVE-2025-13620 (WordPress) affects the WP Social Login and Register Social Counter plugin (versions up to 3.1.3). Multiple REST routes (wslu/v1/check_cache/{type}, wslu/v1/save_cache/{type}, wslu/v1/settings/clear_counter_cache) were registered with permission_callback set to __return_true and la...

5.3CVSS5.4AI score0.00341EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/05 4:29 a.m.5 views

EUVD-2025-201339

The SurveyFunnel – Survey Plugin for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via several unprotected /wp-json/surveyfunnel/v2/ REST API endpoints. This makes it possible for unauthenticated attackers to extract...

5.3CVSS5.5AI score0.00256EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/05 4:29 a.m.33 views

CVE-2025-13006 SurveyFunnel – Survey Plugin for WordPress <= 1.1.5 - Unauthenticated Information Exposure

The SurveyFunnel – Survey Plugin for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via several unprotected /wp-json/surveyfunnel/v2/ REST API endpoints. This makes it possible for unauthenticated attackers to extract...

5.3CVSS0.00256EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/12/04 11:32 p.m.10 views

WordPress Wp Social Login and Register Social Counter plugin <= 3.1.3 - Missing Authorization in Cache REST Endpoints to Social Counter Tampering vulnerability

Missing Authorization in Cache REST Endpoints to Social Counter Tampering vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Wp Social versions = 3.1.3...

5.3CVSS6.8AI score0.00341EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/12/02 7:24 a.m.5 views

EUVD-2025-200213

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.9.4. This is due to insufficient capability checks in the REST API endpoints under the 'fl-controls/v1' namespace that control site-wide Global Presets...

4.3CVSS5.1AI score0.00302EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.9 views

PT-2025-48650

Name of the Vulnerable Software and Affected Versions Beaver Builder – WordPress Page Builder plugin versions prior to 2.9.4 Description The Beaver Builder – WordPress Page Builder plugin for WordPress is susceptible to a missing authorization issue. Insufficient capability checks within the REST...

4.3CVSS5.7AI score0.00302EPSS
Exploits0References10
Imperva Blog
Imperva Blog
added 2025/12/01 4:20 p.m.10 views

CVE-2025-61757: Imperva Customers Protected Against Critical Oracle Identity Manager Authentication Bypass Leading to Remote Code Execution

At the end of October 2025, Oracle released an emergency security alert addressing CVE-2025-61757, a high-severity authentication-bypass flaw that enables remote code execution in the Identity Manager product of Oracle Fusion Middleware versions 12.2.1.4.0 and 14.1.2.1.0. Multiple threat actors a...

9.8CVSS8.9AI score0.88312EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/11/20 9:37 p.m.14 views

CVE-2025-12535

The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin distributing generic WordPress REST API nonces wprest to unauthenticated users via the 'wpajaxnoprivrest-nonce' action. While the plugin...

5.3CVSS6.2AI score0.00185EPSS
Exploits0References1
Rows per page
Query Builder