
8 matches found

Positive Technologies
added 2026/02/16 12:0 a.m. · 6 views

PT-2026-8384

The WowRevenue plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'Notice::install activate plugin' function in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with subscriber-level access a...

8.8 CVSS · 6.6 AI score · 0.00377 EPSS
Exploits: 0 · References: 3
EUVD
added 2025/11/11 6:30 a.m. · 6 views

EUVD-2025-60939

The Ninja Countdown | Fastest Countdown Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ninjacountdownadminajax' AJAX endpoint in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with...

4.3 CVSS · 4.8 AI score · 0.00163 EPSS
Exploits: 0 · References: 3
RedhatCVE
added 2025/05/29 1:51 a.m. · 20 views

CVE-2025-4683

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createblog function in all versions up to, and including, 4.17.5. This makes it possible for authenticated attackers, wit...

4.3 CVSS · 6.5 AI score · 0.0025 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 8:22 a.m. · 5 views

CVE-2024-1850

The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized access, modification or deletion of posts due to a missing capability check on functions hooked by AJAX actions in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with...

6.3 CVSS · 7.2 AI score · 0.0052 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 2:38 a.m. · 5 views

CVE-2023-5134

The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erformsusermeta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with...

4.3 CVSS · 6 AI score · 0.00441 EPSS
Exploits: 0 · References: 1
Cvelist
added 2025/03/04 3:38 a.m. · 22 views

CVE-2025-1639 Animation Addons for Elementor Pro <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation

The Animation Addons for Elementor Pro plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the installelementorpluginhandler function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, wi...

8.8 CVSS · 0.00912 EPSS
Exploits: 2 · References: 2
OSV
added 2024/06/07 2:15 a.m. · 6 views

CVE-2023-6876

The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme' function in all versions up to, and including, 25.2.0. This makes it possible for authenticated...

5.4 CVSS · 5.8 AI score
Exploits: 0 · References: 3
Positive Technologies
added 2024/04/13 12:0 a.m. · 6 views

PT-2024-27098 · Wpzoom · Wpzoom Social Feed Widget & Block

Name of the Vulnerable Software and Affected Versions: WPZOOM Social Feed Widget & Block plugin for WordPress versions up to, and including, 2.1.13 Description: The issue is related to unauthorized access due to a missing capability check on the wpzoom instagram clear data function. This allows...

4.3 CVSS · 6.7 AI score · 0.00465 EPSS
Exploits: 0 · References: 6