Lucene search
K

9 matches found

ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-9028

The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.7.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers t...

5.3CVSS6AI score0.00288EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/05/12 7:48 a.m.6 views

CVE-2026-5693 Smart Appointment & Booking <= 1.0.8 - Missing Authorization to Unauthenticated Arbitrary Booking Cancellation

The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saabcancelbooking function in all versions up to, and including, 1.0.8. The nonce check uses && AND instead of || OR,...

5.3CVSS5.9AI score0.00228EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/18 3:37 a.m.35 views

CVE-2026-1926 Subscriptions for WooCommerce <= 1.9.2 - Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation

The Subscriptions for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpssfwadmincancelsusbcription function in all versions up to, and including, 1.9.2. This is due to the function being hooked to the init action withou...

5.3CVSS0.00307EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/03/18 2:24 a.m.6 views

WordPress Subscriptions for WooCommerce plugin <= 1.9.2 - Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation vulnerability

Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation vulnerability discovered by shrikant bhosale in WordPress Plugin Subscriptions for WooCommerce versions = 1.9.2...

5.3CVSS5.8AI score0.00307EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/01/24 7:26 a.m.20 views

CVE-2025-14843

The CVE CVE-2025-14843 affects Wizit Gateway for WooCommerce (WordPress) and is reported as Unauthenticated Arbitrary Order Cancellation in all versions up to 1.2.9. The root cause is missing authentication/authorization checks in the handle_checkout_redirecturl_response function, enabling unauth...

5.3CVSS5.7AI score0.00299EPSS
Exploits0References2
CVE
CVE
added 2025/11/11 11:3 a.m.18 views

CVE-2025-12787

CVE-2025-12787 affects Hydra Booking — Appointment Scheduling & Booking Calendar (WordPress) up to version 1.1.27, allowing unauthenticated cancellation of arbitrary bookings. The root cause is insufficiently random cancellation tokens combined with a globally shared nonce in the tfhb_meeting_for...

5.3CVSS5.7AI score0.00285EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/11 11:3 a.m.12 views

CVE-2025-12787 Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings <= 1.1.27 - Unauthenticated Arbitrary Booking Cancellation via Weak Hash Generation

The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to unauthorized booking cancellation in all versions up to, and including, 1.1.27. This is due to the plugin's "tfhbmeetingformsubmitcallback" function using insufficiently random values to generate...

5.3CVSS0.00285EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/06/26 11:21 p.m.3 views

SUSE CVE-2025-52894

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of...

7.5CVSS6.8AI score0.00331EPSS
Exploits0References3
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2025/06/25 4:13 p.m.7 views

HCSEC-2025-11 Vault Vulnerable to Recovery Key Cancellation Denial of Service

Summary Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability CVE-2025-4656 has been remediated in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11,...

3.1CVSS6.1AI score0.00214EPSS
Exploits0Affected Software1
Rows per page
Query Builder