Lucene search

9 matches found

CVE
added 2026/04/17 7:45 a.m. · 15 views

CVE-2026-6451

CVE-2026-6451 affects the WordPress plugin “cms-fuer-motorrad-werkstaetten” (versions

CVSS 4.3 · AI score 5.8 · EPSS 0.00225
Exploits 0 · References 19

EUVD
added 2025/12/17 7:49 p.m. · 7 views

EUVD-2025-203951

AVideo versions prior to 20.0 with the ImageGallery plugin enabled are vulnerable to unauthenticated file upload and deletion. Plugin endpoints responsible for managing gallery images fail to enforce authentication checks and do not validate ownership, allowing unauthenticated attackers to upload ...

CVSS 9.3 · AI score 6.7 · EPSS 0.00415
Exploits 0 · References 4

CNNVD
added 2025/12/17 12:0 a.m. · 4 views

AVideo access control error vulnerability

AVideo is an open source broadcast network creation tool from World Wide Broadcast Network. An access control error vulnerability exists in AVideo versions prior to 20.0 that stems from a lack of authentication and ownership verification in the ImageGallery plugin endpoint, which could lead to...

CVSS 9.3 · AI score 6.8 · EPSS 0.00415
Exploits 0 · References 5

NVD
added 2025/12/12 4:15 a.m. · 10 views

CVE-2025-13987

The Purchase and Expense Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing nonce validation on the 'suppthandledeletion' function. This makes it possible for unauthenticated attackers to delete arbitrary...

CVSS 4.3 · EPSS 0.00124
Exploits 0 · References 3

Cvelist
added 2025/11/11 3:30 a.m. · 8 views

CVE-2025-11996 Find Unused Images <= 1.0.7 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion

The Find Unused Images plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the fuideleteimage and fuideleteallimages functions in all versions up to, and including, 1.0.7. This makes it possible for unauthenticated attackers to delete all of a site...

CVSS 5.3 · EPSS 0.00313
Exploits 0 · References 4

RedhatCVE
added 2025/10/28 6:59 a.m. · 6 views

CVE-2025-11154

The IDonate WordPress plugin before 2.1.13 does not have authorisation and CSRF checks when deleting users via an action handler, allowing unauthenticated attackers to delete arbitrary users...

CVSS 5.4 · AI score 7 · EPSS 0.0013
Exploits 1 · References 1

CNNVD
added 2024/11/19 12:0 a.m. · 2 views

WordPress plugin WordPress GDPR security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin...

CVSS 9.1 · AI score 8.2 · EPSS 0.00427
Exploits 0 · References 2

Positive Technologies
added 2024/08/23 12:0 a.m. · 3 views

PT-2024-38424 · WordPress · Favicon Generator

Name of the Vulnerable Software and Affected Versions: Favicon Generator plugin for WordPress versions up to, and including, 1.5
Description: The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the output sub admin...

CVSS 9.6 · AI score 6.4 · EPSS 0.00252
Exploits 0 · References 10

Positive Technologies
added 2023/07/31 12:0 a.m. · 5 views

PT-2023-27345 · WordPress · Radio Player

Name of the Vulnerable Software and Affected Versions: Radio Player plugin for WordPress versions up to, and including, 2.0.73
Description: The issue is related to a missing capability check on the delete player function, allowing unauthenticated attackers to modify data by deleting player...

CVSS 5.3 · AI score 7 · EPSS 0.00411
Exploits 0 · References 11