998 matches found
PT-2026-37888
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...
EUVD-2026-27213
The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the LiveAction::reset function in all versions up to, and including, 3.8.2 The function is hooked to the WordPress init action and triggers when both post...
PT-2026-36994
Name of the Vulnerable Software and Affected Versions User Registration & Membership plugin for WordPress versions prior to 5.1.5 Description A missing capability check in the embed form action function allows authenticated attackers with Contributor-level access or higher to perform unauthorized...
CVE-2025-14726 Widgets for Social Photo Feed <= 1.8 - Missing Authentication to Unauthenticated Plugin Settings Access/Update via trustindex_feed_hook_instagram REST API endpoints
The Widgets for Social Photo Feed plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the '/trustindexfeedhookinstagram/troubleshooting' and '/trustindexfeedhookinstagram/submit-data' REST API endpoints in all versions up...
CVE-2026-35244
Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion component: Lifecycle Management. The supported version that is affected is 11.2.24.0.000. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle...
CVE-2026-35232
Vulnerability in Oracle Fusion Middleware component: Dynamic Monitoring Service. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Fusion Middleware. Successful...
CVE-2026-34294
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware component: Microsoft Active Directory. The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via LDAP to compromise Orac...
CVE-2026-1572
The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 9.0. This is due to missing authorization checks on the AJAX handler laeadminajax and insufficient...
CVE-2026-1572
The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 9.0. This is due to missing authorization checks on the AJAX handler laeadminajax and insufficient...
CVE-2026-4057
The Download Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the makeMediaPublic and makeMediaPrivate functions in all versions up to, and including, 3.3.51. This is due to the functions only checking for editposts capability...
EUVD-2024-47007
The Easy Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eaflresetsettings AJAX action in all versions up to, and including, 3.7.3. This makes it possible for authenticated attackers, with Subscriber-level access and...
PT-2026-27764
Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Request Forgery CSRF vulnerability which, if exploited, can lead to unauthorized modification of certain information...
CVE-2026-1253 Group Chat & Video Chat by AtomChat <= 1.1.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Options Update
The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'atomchatupdateauthajax' and 'atomchatupdatelayoutajax' functions in all versions up to, and including, 1.1.7. This makes it possible for...
CVE-2026-1253
The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'atomchatupdateauthajax' and 'atomchatupdatelayoutajax' functions in all versions up to, and including, 1.1.7. This makes it possible for...
EUVD-2026-12800
The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clonebulkactionhandler and republishrequest functions in all versions up to, and including, 4.5. This makes it possible for authenticated attackers, with...
CVE-2026-1217
The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clonebulkactionhandler and republishrequest functions in all versions up to, and including, 4.5. This makes it possible for authenticated attackers, with...
EUVD-2026-12764
The Subscriptions for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpssfwadmincancelsusbcription function in all versions up to, and including, 1.9.2. This is due to the function being hooked to the init action withou...
CVE-2026-1650
The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'customfieldscontroller' function in all versions up to, and including, 1.7.8.1. This makes it possible for unauthenticated attackers to delete arbitrary custom...
EUVD-2026-10090
The HUMN-1 AI Website Scanner & Human Certification by Winston AI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the winstondisconnect function in all versions up to, and including, 0.0.3. This makes it possible for authenticated...
PT-2026-23811
The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'custom fields controller' function in all versions up to, and including, 1.7.8.1. This makes it possible for unauthenticated attackers to delete arbitrary custo...