Lucene search
K

258 matches found

Nuclei
Nuclei
added yesterday15 views

WP DSGVO Tools (GDPR) <= 3.1.23 - Unauthenticated Arbitrary Post Deletion

WP DSGVO Tools GDPR = 3.1.23 had an AJAX action, ‘admin-dismiss-unsubscribe‘, which lacked a capability check and a nonce check and was available to unauthenticated users, and did not check the post type when deleting unsubscription requests. As such, it was possible for an attacker to permanentl...

9.1CVSS7AI score0.0393EPSS
Exploits1References2
CVE
CVE
added 6 days ago8 views

CVE-2026-58192

CVE-2026-58192 affects Appium’s storage-plugin: prior to 1.1.6, POST /storage/delete passes user-supplied name into path.join(storageRoot, name) and fs.rimraf() without sanitization, enabling an unauthenticated remote attacker to escape the storage root via ../ and delete arbitrary writable files...

8.6CVSS6.1AI score0.00345EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-14487 Simple Coherent Form <= 2.4.13 - Unauthenticated Arbitrary File Deletion via 'id' Parameter

The Simple Coherent Form plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the removeUploadDir function in all versions up to, and including, 2.4.13. This makes it possible for unauthenticated attackers to delete arbitrary files on the serve...

9.1CVSS0.0074EPSS
Exploits0References6
NVD
NVD
added last week10 views

CVE-2026-12277

The Frontend File Manager Plugin WordPress plugin through 23.6 does not validate a file path derived from user input before deleting the referenced file, allowing unauthenticated users to delete arbitrary files on the server such as wp-config.php when guest upload mode is enabled. Deleting...

8.7CVSS0.00231EPSS
Exploits1References1
EUVD
EUVD
added last week10 views

EUVD-2026-42011

The Frontend File Manager Plugin WordPress plugin through 23.6 does not validate a file path derived from user input before deleting the referenced file, allowing unauthenticated users to delete arbitrary files on the server such as wp-config.php when guest upload mode is enabled. Deleting...

8.7CVSS5.9AI score0.00231EPSS
Exploits1References1
NVD
NVD
added 2026/07/02 12:16 p.m.4 views

CVE-2025-69134

Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot for WordPress – Helper = 1.1.4 versions...

7.5CVSS0.003EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:14 a.m.8 views

CVE-2025-69134

Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot for WordPress – Helper = 1.1.4 versions...

7.5CVSS5.8AI score0.003EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.15 views

PT-2026-54964

Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot for WordPress – Helper = 1.1.4 versions...

7.5CVSS5.8AI score0.003EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 7:16 a.m.13 views

CVE-2026-12094

The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the cf7cdbajaxdeleteuser function in versions up to, and including, 1.0.0. The handler is registered against both wpajaxcf7cdbdelete and...

5.3CVSS0.00295EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 5:33 a.m.7 views

EUVD-2026-38677

The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to unauthorized modification/deletion of data due to a missing capability check on the deletesingleaccount function in versions up to, and including, 1.2.0. The REST route...

5.3CVSS6AI score0.00227EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 5:33 a.m.6 views

EUVD-2026-38663

The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the cf7cdbajaxdeleteuser function in versions up to, and including, 1.0.0. The handler is registered against both wpajaxcf7cdbdelete and...

5.3CVSS6AI score0.00295EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:33 a.m.6 views

CVE-2026-12094

The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the cf7cdbajaxdeleteuser function in versions up to, and including, 1.0.0. The handler is registered against both wpajaxcf7cdbdelete and...

5.3CVSS6AI score0.00295EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.38 views

CVE-2026-12094 Advanced Contact Form 7 <= 1.0.0 - Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion via 'form_id' Parameter

The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the cf7cdbajaxdeleteuser function in versions up to, and including, 1.0.0. The handler is registered against both wpajaxcf7cdbdelete and...

5.3CVSS0.00295EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 5:33 a.m.16 views

CVE-2026-12094

The CVE describes a vulnerability in the Advanced Contact Form 7 - Compact DB plugin for WordPress (versions delete() on the wp_cf7cdb_data table, using an attacker-supplied integer ID. This allows unauthenticated attackers to delete arbitrary contact form submission entries by enumerating primar...

5.3CVSS6AI score0.00295EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/06/23 4:39 p.m.5 views

WordPress Devs Accounting – Simple Accounting and Invoicing Solution plugin <= 1.2.0 - Missing Authorization to Unauthenticated Account Deletion vulnerability

Missing Authorization to Unauthenticated Account Deletion vulnerability discovered by jamaal in WordPress Plugin Devs Accounting – Simple Accounting and Invoicing Solution versions = 1.2.0...

5.3CVSS5.8AI score0.00227EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/20 2:16 a.m.27 views

CVE-2026-9843

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the viewpage function in all versions up to, and including, 1.5.1. This makes it possible for unauthenticated attackers to delete...

8.1CVSS0.00662EPSS
Exploits0References7
NVD
NVD
added 2026/06/17 2:17 p.m.13 views

CVE-2026-52716

Unauthenticated Arbitrary File Deletion in WorkScout-Core = 1.7.11 versions...

6.5CVSS0.00351EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.13 views

CVE-2026-48929

Rocket.Chat in versions 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, and 7.10.13 is vulnerable to unauthenticated file deletion. The deleteFileMessage Meteor method permanently deletes any uploaded file by ID without requiring authentication. When called via an unauthenticated DDP WebSocket...

7.5CVSS0.00723EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 12:47 p.m.9 views

EUVD-2026-37700

Unauthenticated Arbitrary File Deletion in WorkScout-Core = 1.7.11 versions...

6.5CVSS5.2AI score0.00351EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 11:8 p.m.27 views

CVE-2026-48929

Rocket.Chat versions older than 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, and 7.10.13 are vulnerable to unauthenticated file deletion through the deleteFileMessage Meteor method. When called over an unauthenticated DDP WebSocket connection, Meteor.userId() returns null, bypassing the auth...

7.5CVSS7.3AI score0.00723EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder