Lucene search
K

462 matches found

Vulnrichment
Vulnrichment
added 2026/02/19 4:36 a.m.4 views

CVE-2025-14357 Mega Store Woocommerce <= 5.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation and Settings Change

The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setupwidgets function in core/includes/importer/whizzie.php in all versions up to, and including, 5.9. This makes it possible for authenticated attackers, wit...

5.3CVSS5.6AI score0.0022EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/19 4:36 a.m.36 views

CVE-2025-14357 Mega Store Woocommerce <= 5.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation and Settings Change

The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setupwidgets function in core/includes/importer/whizzie.php in all versions up to, and including, 5.9. This makes it possible for authenticated attackers, wit...

5.3CVSS0.0022EPSS
Exploits0References3
CVE
CVE
added 2026/02/19 3:25 a.m.22 views

CVE-2025-11725

The CVE-2025-11725 entry concerns the Aruba HiSpeed Cache WordPress plugin, affected up to version 3.0.2. The vulnerability arises from missing capability checks in multiple functions, allowing unauthenticated attackers to modify the plugin’s configuration settings and enable/disable features. Im...

6.5CVSS5.5AI score0.00277EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/02/18 8:58 p.m.9 views

WordPress Booking Calendar plugin <= 10.14.14 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Settings Modification vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary User Settings Modification vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Booking Calendar versions = 10.14.14...

4.3CVSS5.5AI score0.0019EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/16 7:2 p.m.8 views

WordPress Easy Social Feed plugin <= 6.5.2 - Missing Authorization to Settings Modification vulnerability

Missing Authorization to Settings Modification vulnerability discovered by Lucio Sá in WordPress Plugin Easy Social Feed versions = 6.5.2...

4.3CVSS5.5AI score0.00323EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/04 8:25 a.m.7 views

CVE-2026-0572

The WebPurify Profanity Filter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'webpurifysaveoptions' function in all versions up to, and including, 4.0.2. This makes it possible for unauthenticated attackers to change plugin settin...

6.5CVSS5.4AI score0.00309EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/02/03 6:54 a.m.6 views

WordPress Integrate Google Drive plugin <= 1.3.8 - Missing Authorization to Unauthenticated Settings Modification and Export vulnerability

Missing Authorization to Unauthenticated Settings Modification and Export vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin Integrate Google Drive versions = 1.3.8...

10CVSS5.4AI score0.0074EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/29 3:18 p.m.17 views

CVE-2026-1380

The Bitcoin Donate Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

4.3CVSS5.8AI score0.00124EPSS
Exploits0References1
NVD
NVD
added 2026/01/28 12:15 p.m.14 views

CVE-2026-1380

The Bitcoin Donate Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

4.3CVSS0.00124EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/28 11:23 a.m.6 views

EUVD-2026-4924

The Bitcoin Donate Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

4.3CVSS5.8AI score0.00124EPSS
Exploits0References3
CVE
CVE
added 2026/01/28 7:27 a.m.16 views

CVE-2026-1054

The CVE-2026-1054 entry corresponds to the RegistrationMagic WordPress plugin and is supported by multiple connected sources (Wordfence, PatchStack, CVE List). The detail across these sources states that versions up to and including 6.0.7.4 are vulnerable due to missing nonce verification and mis...

5.3CVSS6AI score0.00232EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.12 views

PT-2026-5078

The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rm set otp AJAX action handler. This makes it possible for unauthenticated attackers to modify...

5.3CVSS6AI score0.00232EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/25 9:16 a.m.16 views

CVE-2026-1075

The ZT Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to improper nonce validation on the saveztcptcaptchasettings action where the nonce check can be bypassed by sending an empty token value. This makes it possibl...

4.3CVSS5.5AI score0.00191EPSS
Exploits0References1
NVD
NVD
added 2026/01/24 8:16 a.m.9 views

CVE-2026-1075

The ZT Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to improper nonce validation on the saveztcptcaptchasettings action where the nonce check can be bypassed by sending an empty token value. This makes it possibl...

4.3CVSS0.00191EPSS
Exploits0References3
NVD
NVD
added 2026/01/24 8:16 a.m.7 views

CVE-2025-14906

The WP Youtube Video Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce verification on the wpYTVideoGallerySettingSave function. This makes it possible for unauthenticated attackers to modify plugin...

4.3CVSS0.00132EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/24 7:26 a.m.6 views

CVE-2026-1075

The ZT Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to improper nonce validation on the saveztcptcaptchasettings action where the nonce check can be bypassed by sending an empty token value. This makes it possibl...

4.3CVSS5.8AI score0.00191EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/16 6:43 a.m.6 views

CVE-2025-14853

The LEAV Last Email Address Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions = 1.7.1. This is due to missing or incorrect nonce validation on the displaysettingspage function. This makes it possible for unauthenticated attackers to modify plugin settings via ...

4.3CVSS5.2AI score0.00131EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/09 7:22 a.m.3 views

CVE-2025-14657 Eventin – Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered) <= 4.0.51 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via 'post_settings'

The Eventin – Event Manager, Events Calendar, Event Tickets and Registrations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'postsettings' function in all versions up to, and including, 4.0.51. This makes it possible for...

7.2CVSS5.3AI score0.00307EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/09 12:0 a.m.6 views

WordPress plugin Eventin 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

7.2CVSS6.4AI score0.00307EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/03 12:0 a.m.6 views

PT-2026-1181

Name of the Vulnerable Software and Affected Versions Petlibro Smart Pet Feeder Platform versions up to 1.7.31 Description The Petlibro Smart Pet Feeder Platform is affected by an improper access control issue. The platform allows unauthorized device manipulation by accepting arbitrary serial...

9.8CVSS6.5AI score0.00216EPSS
Exploits0References9
Rows per page
Query Builder