Lucene search
K

998 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:18 a.m.7 views

CVE-2025-1681

The Cardealer theme for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check and missing filename sanitization on the demo theme scheme AJAX functions in versions up to, and including, 1.6.4. This makes it possible for authenticated...

5.4CVSS6.6AI score0.00331EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:13 a.m.8 views

CVE-2024-2538

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxsavepermalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author access and above,...

5.4CVSS6.5AI score0.00568EPSS
Exploits1References1
CVE
CVE
added 2026/01/07 8:21 a.m.30 views

CVE-2025-13496

CVE-2025-13496 (Moosend Landing Pages, WordPress) The WordPress plugin Moosend Landing Pages (up to v1.1.6) contains a missing capability check in moosend_landings_auth_get, allowing authenticated users with Subscriber level access or higher to delete the moosend_landing_api_key option. The issue...

5.3CVSS4.7AI score0.00277EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.5 views

WordPress plugin Reviewify 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

7.5CVSS6.3AI score0.0039EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.7 views

PT-2026-1589

Name of the Vulnerable Software and Affected Versions Moosend Landing Pages plugin for WordPress versions through 1.1.6 Description The Moosend Landing Pages plugin for WordPress has a flaw that allows unauthorized modification of data. This is due to a missing capability check within the moosend...

5.3CVSS6.4AI score0.00277EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.4 views

WordPress plugin Unify 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

5.3CVSS6.3AI score0.00227EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.6 views

WordPress plugin Moosend Landing Pages 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

5.3CVSS6.3AI score0.00277EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/06 12:0 a.m.4 views

WordPress plugin Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

6.5CVSS6.4AI score0.00229EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/06 12:0 a.m.2 views

WordPress plugin LearnPress – WordPress LMS Plugin 安全漏洞

...

5.3CVSS6.7AI score0.00232EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/06 12:0 a.m.3 views

WordPress plugin Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin Tag...

4.3CVSS6.3AI score0.00193EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/06 12:0 a.m.9 views

WordPress plugin Depicter 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

5.3CVSS6.4AI score0.00235EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/06 12:0 a.m.7 views

WordPress plugin MasterStudy LMS WordPress Plugin – for Online Courses and Education 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin...

5.4CVSS6.4AI score0.00146EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.8 views

PT-2026-34077

Name of the Vulnerable Software and Affected Versions Oracle Java SE version 25.0.1 Description An issue in the Libraries component allows an unauthenticated attacker with network access via multiple protocols to compromise the system. This can lead to unauthorized update, insert, or delete acces...

7.5CVSS7.7AI score0.00702EPSS
Exploits0References61
Cvelist
Cvelist
added 2025/12/18 9:21 a.m.25 views

CVE-2025-14364 Demo Importer Plus <= 2.0.8 - Missing Authorization to Authenticated (Subscriber+) Site Reset and Privilege Escalation

The Demo Importer Plus plugin for WordPress is vulnerable to unauthorized modification of data, loss of data, and privilege escalation due to a missing capability check on the Ajax::handlerequest function in all versions up to, and including, 2.0.8. This makes it possible for authenticated...

8.8CVSS0.00302EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.4 views

PT-2025-51228

The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the add images to gallery callback function in all versions up to, and including, 2.13.3. This makes it possible for authenticated attackers,...

4.3CVSS5.2AI score0.00231EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/14 5:3 a.m.14 views

CVE-2025-14446

The Popup Builder Easy Notify Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the easynotifycpreset function in all versions up to, and including, 1.1.37. This makes it possible for authenticated attackers, with Subscriber-level...

6.5CVSS5.1AI score0.00212EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/14 5:3 a.m.5 views

CVE-2025-14397

The Postem Ipsum plugin for WordPress is vulnerable to unauthorized modification of data to Privilege Escalation due to a missing capability check on the postemipsumgenerateusers function in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with...

8.8CVSS5.2AI score0.00244EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/13 6:30 p.m.5 views

EUVD-2025-203234

The Popover Windows plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple ajax actions e.g., popsubmit, popthemesubmit in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with subscriber-lev...

4.3CVSS4.7AI score0.00158EPSS
Exploits0References3
NVD
NVD
added 2025/12/13 4:16 p.m.4 views

CVE-2025-14397

The Postem Ipsum plugin for WordPress is vulnerable to unauthorized modification of data to Privilege Escalation due to a missing capability check on the postemipsumgenerateusers function in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with...

8.8CVSS0.00244EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/13 12:0 a.m.7 views

WordPress plugin Popup Builder (Easy Notify Lite) 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

6.5CVSS6.3AI score0.00212EPSS
Exploits0References4
Rows per page
Query Builder