
9 matches found

EUVD
added 2026/04/22 9:31 a.m., 0 views

EUVD-2026-24682

The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.1.6. This is due to missing nonce validation in the niorderexportaction AJAX handler function. The handler processes settings updates when the 'page' parameter is...

4.3 CVSS, 5.6 AI score, 0.00006 EPSS
Exploits 0, References 6
Cvelist
added 2026/02/19 3:25 a.m., 25 views

CVE-2025-11725 Aruba HiSpeed Cache <= 3.0.2 - Missing Authorization to Unauthenticated Plugin's Settings Modification

The Aruba HiSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on multiple functions in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to modify the plugin's configuration settings,...

6.5 CVSS, 0.00071 EPSS
Exploits 0, References 4
RedhatCVE
added 2026/02/03 9:18 a.m., 6 views

CVE-2026-22888

Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product...

7.5 CVSS, 5.3 AI score, 0.00022 EPSS
Exploits 0, References 1
CVE
added 2026/01/07 8:21 a.m., 6 views

CVE-2025-13521

WP Status Notifier is vulnerable to CSRF due to missing/incorrect nonce validation on the settings update function, enabling unauthenticated attackers to change plugin settings by deceptively prompting an admin (e.g., via forged link). The CVE entry lists a CVSS v3.1 base score of 4.3 (Medium) w...

4.3 CVSS, 5 AI score, 0.00024 EPSS
Exploits 0, References 3
CVE
added 2025/11/21 7:31 a.m., 6 views

CVE-2025-11815

CVE-2025-11815 documents a vulnerability in the UiPress lite plugin for WordPress (versions

4.3 CVSS, 4.9 AI score, 0.00034 EPSS
Exploits 0, References 3
CVE
added 2025/09/11 7:24 a.m., 8 views

CVE-2025-9627

CVE-2025-9627 describes a CSRF vulnerability in the WordPress Run Log plugin (versions up to and including 1.7.10). The issue stems from missing/incorrect nonce validation in the oirl_plugin_options function, allowing unauthenticated attackers to modify plugin settings (e.g., distance units, pace...

4.3 CVSS, 4.9 AI score, 0.00021 EPSS
Exploits 0, References 3
RedhatCVE
added 2025/05/23 8:2 a.m., 2 views

CVE-2024-6579

The Web and WooCommerce Addons for WPBakery Builder plugin for WordPress is vulnerable to unauthorized plugin settings modification due to a missing capability check on several plugin functions in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with...

4.3 CVSS, 5.1 AI score, 0.00147 EPSS
Exploits 0, References 1
NVD
added 2022/07/18 5:15 p.m., 10 views

CVE-2022-2108

The plugin Wbcom Designs – BuddyPress Group Reviews for WordPress is vulnerable to unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in several functions related to said actions in versions up to, and including, 2.8.3. This makes it...

6.5 CVSS, 0.00671 EPSS
Exploits 0, References 4
CNNVD
added 2022/02/09 12:0 a.m., 1 views

EcoStruxure EV Charging Expert Security Vulnerability

EcoStruxure EV Charging Expert is an electric vehicle charging infrastructure load management, access management and supervision solution from Schneider Electric, France. A security vulnerability exists in EcoStruxure EV Charging Expert, which stems from CWE-1021 An improper restriction in the...

7.4 CVSS, 7.3 AI score, 0.00206 EPSS
Exploits 0, References 3