Lucene search
K

93 matches found

Patchstack
Patchstack
added 2025/11/11 12:25 a.m.6 views

WordPress Shelf Planner plugin <= 2.7.0 - Missing Authorization to Unauthenticated Settings Update vulnerability

Missing Authorization to Unauthenticated Settings Update vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Shelf Planner versions = 2.7.0...

5.3CVSS7AI score0.00269EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/11/04 5:16 a.m.12 views

CVE-2025-12403

The Associados Amazon Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8. This is due to missing or incorrect nonce validation on the brzonadminpanel function. This makes it possible for unauthenticated attackers to update settings an...

6.1CVSS0.00142EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/04 4:27 a.m.1 views

CVE-2025-12413 Social Media WPCF7 Stop Words <= 1.1.3 - Cross-Site Request Forgery to Settings Update

The Social Media WPCF7 Stop Words plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.3. This is due to missing or incorrect nonce validation on the smWpCfSwOptions function. This makes it possible for unauthenticated attackers to update the...

5.4CVSS5AI score0.00118EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/04 12:0 a.m.5 views

PT-2025-44916

Name of the Vulnerable Software and Affected Versions CE21 Suite versions 2.2.1 through 2.3.1 Description The CE21 Suite plugin for WordPress is affected by an issue allowing unauthorized updates to plugin settings. A missing capability check on the wp ajax nopriv ce21 single sign on save api...

9.8CVSS6.3AI score0.00438EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/11/04 12:0 a.m.4 views

WordPress plugin DominoKit 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

5.3CVSS6.6AI score0.00219EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/04 12:0 a.m.7 views

PT-2025-44946

The Posts Navigation Links for Sections and Headings – Free by WP Masters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the 'wpm navigation links settings' page. This makes it...

4.3CVSS5.3AI score0.00122EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/25 5:31 a.m.3 views

CVE-2025-11269 Product Filter by WBW <= 3.0.0 - Missing Authorization to Unauthenticated Settings Update

The Product Filter by WBW plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'approveNotice' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to update the plugin's settings...

5.3CVSS4.9AI score0.00264EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/24 12:0 a.m.6 views

PT-2025-43596

Name of the Vulnerable Software and Affected Versions Multi Item Responsive Slider plugin for WordPress versions prior to 1.1 Description The software is susceptible to Cross-Site Request Forgery CSRF due to missing or incorrect nonce validation on the mioptions.php page. This allows...

6.1CVSS6.4AI score0.00191EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/10/04 11:53 a.m.9 views

CVE-2025-9213

The TextBuilder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 1.0.0 to 1.1.1. This is due to missing or incorrect nonce validation on the 'handleToken' function. This makes it possible for unauthenticated attackers to update a user's authorization token via a forged...

8.8CVSS5.9AI score0.00168EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.23 views

EUVD-2025-24006

Malicious code in bioql PyPI...

8.8CVSS4.5AI score0.00564EPSS
Exploits3References3
CNNVD
CNNVD
added 2025/09/19 12:0 a.m.5 views

MicroWorld eScan AV 安全漏洞

MicroWorld eScan AV is a security software for protection against malware from MicroWorld India. A security vulnerability exists in MicroWorld eScan AV that stems from a failure of the update mechanism to ensure the authenticity and integrity of update packages, which could lead to...

9.3CVSS7.7AI score0.00575EPSS
Exploits0References9
CVE
CVE
added 2025/08/26 9:6 a.m.28 views

CVE-2025-6247

CVE-2025-6247 affects the WordPress Automatic Plugin for WordPress (

4.7CVSS6.1AI score0.00175EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/18 4:31 a.m.11 views

CVE-2025-7668

The Linux Promotional Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'inux-promotional-plugin.php' page. This makes it possible for unauthenticated attackers to update...

6.1CVSS6.7AI score0.00159EPSS
Exploits0References1
Snyk
Snyk
added 2025/07/17 6:42 p.m.5 views

Arbitrary Code Injection

Overview livewire/livewire is an A front-end framework for Laravel. Affected versions of this package are vulnerable to Arbitrary Code Injection via the hydration process of component property updates. An attacker can execute arbitrary commands on the server by sending specially crafted requests ...

9.8CVSS7.8AI score0.95376EPSS
Exploits5References2
RedhatCVE
RedhatCVE
added 2025/05/23 3:0 a.m.11 views

CVE-2023-1660

The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard...

6.1CVSS6AI score0.00269EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/03/19 12:0 a.m.6 views

WordPress plugin Altair 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

9.8CVSS8.6AI score0.00478EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/02/19 11:29 p.m.4 views

WordPress Gift Cards plugin <= 4.4.9 - Missing Authorization to Unauthenticated Price, Date, and Note Updates vulnerability

Missing Authorization to Unauthenticated Price, Date, and Note Updates vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin Gift Vouchers versions = 4.4.9...

5.3CVSS7AI score0.00289EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/02/18 12:0 a.m.5 views

PT-2025-6559 · WordPress · Memorialday

Name of the Vulnerable Software and Affected Versions: MemorialDay plugin for WordPress versions up to, and including, 1.0.4 Description: The issue is due to missing or incorrect nonce validation on a function, making it possible for unauthenticated attackers to update settings and inject malicio...

6.1CVSS9.4AI score0.00182EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/01/30 12:0 a.m.5 views

PT-2025-2199 · WordPress · Wonder Fontawesome

Name of the Vulnerable Software and Affected Versions: Wonder FontAwesome plugin for WordPress versions up to, and including, 0.8 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation in one of the plugin's functions. This allows...

6.1CVSS9.1AI score0.00134EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/12/12 12:0 a.m.7 views

PT-2024-16975 · WordPress · Vernetzungsfunktion

Name of the Vulnerable Software and Affected Versions: Vernetzungsfunktion plugin for WordPress versions up to, and including, 1.97.5 Description: The issue is related to Cross-Site Request Forgery. It is caused by missing or incorrect nonce validation on the djo einstellungen menue function. Thi...

6.1CVSS7.1AI score0.00217EPSS
Exploits0References5
Rows per page
Query Builder