Lucene search
K

998 matches found

Cvelist
Cvelist
added 2026/02/13 9:23 p.m.33 views

CVE-2025-15157 Starfish Review Generation & Marketing for WordPress <= 3.1.19 - Authenticated (Subscriber+) Arbitrary Options Update via srm_restore_options_defaults

The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srmrestoreoptionsdefaults' function in all versions up to, and including, 3.1.19. This...

8.8CVSS0.00316EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/11 8:26 a.m.22 views

CVE-2026-1786 Twitter posts to Blog <= 1.11.25 - Missing Authorization to Unauthenticated Plugin Settings Update

The Twitter posts to Blog plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dgtwoptions' function in all versions up to, and including, 1.11.25. This makes it possible for unauthenticated attackers to update plugin settings including...

6.5CVSS0.00284EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/09 11:23 p.m.2 views

CVE-2026-0845 WCFM - WooCommerce Frontend Manager <= 6.7.24 - Authenticated (Shop Manager+) Arbitrary Options Update

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'WCFMSettingsController::processing' function in...

7.2CVSS5.7AI score0.00436EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/07 8:26 a.m.5 views

CVE-2025-15476

The The Bucketlister plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bucketlisterdoadminajax function in all versions up to, and including, 0.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.5AI score0.00158EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/07 8:26 a.m.5 views

EUVD-2025-206893

The The Bucketlister plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bucketlisterdoadminajax function in all versions up to, and including, 0.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.5AI score0.00158EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/25 9:10 p.m.15 views

CVE-2026-0593

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction function in all versions up to, and including, 10.0.04. This makes it possible for authenticated attackers, with...

5.3CVSS5.5AI score0.00234EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/25 9:16 a.m.48 views

CVE-2026-1103

The AIKTP plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the /aiktp/getToken REST API endpoint in all versions up to, and including, 5.0.04. The endpoint uses the 'verifyuserloggedin' as a permission callback, which only checks if a...

5.4CVSS5.5AI score0.00239EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/24 7:26 a.m.3 views

CVE-2026-1103 AIKTP <= 5.0.04 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions

The AIKTP plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the /aiktp/getToken REST API endpoint in all versions up to, and including, 5.0.04. The endpoint uses the 'verifyuserloggedin' as a permission callback, which only checks if a...

5.4CVSS5.9AI score0.00239EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/24 12:0 a.m.14 views

WordPress plugin All-in-One Video Gallery has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00161EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/24 12:0 a.m.7 views

PT-2026-4587

The AIKTP plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the /aiktp/getToken REST API endpoint in all versions up to, and including, 5.0.04. The endpoint uses the 'verify user logged in' as a permission callback, which only checks if...

5.4CVSS5.5AI score0.00239EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/24 12:0 a.m.9 views

WordPress plugin WP Go Maps has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References3
OSV
OSV
added 2026/01/23 12:0 a.m.4 views

CVE-2025-70985

Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data outside of their scope...

9.1CVSS5.9AI score0.00382EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/01/23 12:0 a.m.2 views

CVE-2025-70985

Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data outside of their scope...

5.4AI score0.00382EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/21 3:27 p.m.9 views

CVE-2025-15347

The Creator LMS – The LMS for Creators, Coaches, and Trainers plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check in the getitemspermissionscheck function in all versions up to, and including, 1.1.12. This...

8.8CVSS5.7AI score0.00271EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/21 12:31 a.m.5 views

EUVD-2026-3532

Vulnerability in the Oracle Life Sciences Central Coding product of Oracle Health Sciences Applications component: Platform. The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life...

6.5CVSS5.5AI score0.00187EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/21 12:31 a.m.5 views

EUVD-2026-3579

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Filesystems. The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes ...

2.3CVSS5.4AI score0.00131EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/21 12:31 a.m.5 views

EUVD-2026-3587

Vulnerability in the Oracle Planning and Budgeting Cloud Service product of Oracle Hyperion component: EPM Agent. The supported version that is affected is 25.04.07. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Planning and Budgeti...

4.2CVSS5.5AI score0.00128EPSS
Exploits0References2
NVD
NVD
added 2026/01/20 10:15 p.m.8 views

CVE-2026-21930

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Filesystems. The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes ...

2.3CVSS0.00131EPSS
Exploits0References1
OSV
OSV
added 2026/01/20 10:15 p.m.2 views

CVE-2026-21924

Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications component: General. Supported versions that are affected are 4.4.0.3.0, 4.5.0.0.0, 4.5.0.1.1, 4.5.0.1.3, 4.5.0.2.0, 25.4 and 25.10. Easily exploitable vulnerability allows low privileged attacker...

5.4CVSS5.8AI score0.0018EPSS
Exploits0References1
NVD
NVD
added 2026/01/20 10:15 p.m.7 views

CVE-2026-21924

Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications component: General. Supported versions that are affected are 4.4.0.3.0, 4.5.0.0.0, 4.5.0.1.1, 4.5.0.1.3, 4.5.0.2.0, 25.4 and 25.10. Easily exploitable vulnerability allows low privileged attacker...

5.4CVSS0.0018EPSS
Exploits0References1
Rows per page
Query Builder