Lucene search
K

1001 matches found

Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-1359 Genolve – AI image AI video generation <= 5.0.5 - Authenticated (Contributor+) Incorrect Authorization to Privilege Escalation via theopt

The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the genolvesetOpt function in all versions up to, and including, 5.0.5. This makes it possible for authenticated attackers, with Contributor-leve...

8.8CVSS0.00308EPSS
Exploits0References2
NVD
NVD
added 4 days ago6 views

CVE-2026-9235

The DHL eCommerce Benelux for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check and missing nonce verification on the createlabel and deletelabel functions in versions up to, and including, 2.2.3. These functions are wir...

4.3CVSS0.00196EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago10 views

EUVD-2026-42558

The Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateShippingMethod function registered to the wpajaxlpcorderaffect AJAX action in versions up to, and including, 2.9.0...

4.3CVSS6AI score0.00196EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/27 6:50 a.m.10 views

EUVD-2026-39958

The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'uploadcsv' and 'processbatch' functions in all versions up to, and including, 1.8.9. This makes it possible for authenticated attackers, with Subscriber-level access an...

6.5CVSS5.9AI score0.00276EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/24 5:33 a.m.9 views

EUVD-2026-38673

The 24liveblog - live blog tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatelb24token AJAX function in versions up to, and including, 2.2. The handler only verifies the 'lb24' nonce which is generated and localized to any...

4.3CVSS5.9AI score0.00215EPSS
Exploits0References6
NVD
NVD
added 2026/06/17 10:54 a.m.11 views

CVE-2026-46979

Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft component: Integration and Interfaces. The supported version that is affected is 9.2.38. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise...

6.5CVSS0.00294EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/16 9:31 a.m.11 views

EUVD-2026-37059

The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxpayfororder function in all versions up to, and including, 10.7.0 This is due to a missing order ownership or orderkey verification when...

6.5CVSS5.3AI score0.00267EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-49847

Name of the Vulnerable Software and Affected Versions PeopleSoft Enterprise PT PeopleTools versions 8.61 PeopleSoft Enterprise PT PeopleTools versions 8.62 Description An issue in the Weblogic component allows an unauthenticated attacker with network access via HTTP to compromise the system...

8.7CVSS5.9AI score0.0034EPSS
Exploits0References4
CVE
CVE
added 2026/06/09 9:28 a.m.27 views

CVE-2026-4058

The CVE-2026-4058 entry concerns the WordPress plugin “User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration”. A missing capability check in user_subscription_cancel() across all versions up to 4.3.2 allows authenticated users with Subscriber-level ac...

4.3CVSS5.5AI score0.00153EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.11 views

CVE-2025-15565

The Nexi XPay plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the redirect function in all versions up to, and including, 8.3.0. This makes it possible for unauthenticated attackers to mark pending WooCommerce orders as paid/completed...

5.3CVSS5.5AI score0.00189EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.12 views

CVE-2026-1572

The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 9.0. This is due to missing authorization checks on the AJAX handler laeadminajax and insufficient...

6.4CVSS5.7AI score0.00322EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.15 views

CVE-2026-6897

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\TeamAccounts::savesettings' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

8.8CVSS5.8AI score0.00244EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/23 4:27 a.m.13 views

CVE-2026-6897

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\TeamAccounts::savesettings' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

8.8CVSS5.8AI score0.00244EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/23 4:27 a.m.19 views

CVE-2026-6898 WishList Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Generate API Secret Key via 'wlm3_generate_api_key' AJAX action

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember3Hooks::generateapikey' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

8.8CVSS0.00244EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/23 12:0 a.m.17 views

PT-2026-42865

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMemberFeaturesTeam Accounts::save settings' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

8.8CVSS5.8AI score0.00244EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in openjdk-11

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Hotspot. The supported versions affected by this vulnerability are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK:...

3.7CVSS6.7AI score0.00953EPSS
Exploits0References2
NVD
NVD
added 2026/05/15 9:16 a.m.38 views

CVE-2026-4683

The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'routeData' REST endpoint in all versions up to, and including, 3.1.77. This makes it possible for unauthenticated attackers to overwrite the plugin's...

6.5CVSS0.00262EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/15 7:46 a.m.21 views

EUVD-2026-30515

The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'routeData' REST endpoint in all versions up to, and including, 3.1.77. This makes it possible for unauthenticated attackers to overwrite the plugin's...

6.5CVSS5.8AI score0.00262EPSS
Exploits0References4
NVD
NVD
added 2026/05/14 6:16 a.m.11 views

CVE-2026-3829

The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'wplebasicgetrequests' function in all versions up to, and including, 7.8.5.10. This makes...

5.4CVSS0.00202EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/14 5:30 a.m.10 views

EUVD-2026-30228

The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'wplebasicgetrequests' function in all versions up to, and including, 7.8.5.10. This makes...

5.4CVSS5.8AI score0.00202EPSS
Exploits0References3
Rows per page
Query Builder