Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/06/15 8:18 p.m.37 views

CVE-2026-40792 WordPress KiviCare plugin <= 4.2.1 - Insecure Direct Object References (IDOR) vulnerability

Subscriber Insecure Direct Object References IDOR in KiviCare = 4.2.1 versions...

6.3CVSS0.00249EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 6:45 a.m.9 views

CVE-2026-4094

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'adminhead' function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Contributor-lev...

8.1CVSS5.7AI score0.00273EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/14 7:43 a.m.1 views

CVE-2026-4109

The Eventin – Events Calendar, Event Booking, Ticket & Registration AI Powered plugin for WordPress is vulnerable to unauthorized access of data due to a improper capability check on the getitempermissionscheck function in all versions up to, and including, 4.1.8. This makes it possible for...

4.3CVSS5.9AI score0.00179EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/08/25 5:32 a.m.4 views

CVE-2025-9048

The Wptobe-memberships plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delimgajaxcall function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

8.1CVSS8AI score0.00588EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:39 a.m.6 views

CVE-2023-0889

Themeflection Numbers WordPress plugin before 2.0.1 does not have authorisation and CSRF check in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated users, such as subscriber, to update arbitrary blog options, suc...

6.5CVSS7AI score0.00301EPSS
Exploits2References1
OSV
OSV
added 2023/01/02 10:15 p.m.3 views

CVE-2022-4372

The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration, other users, such as...

7.2CVSS5.9AI score0.00983EPSS
Exploits2References2
Rows per page
Query Builder