
13 matches found

Cvelist
added 2026/03/18 3:37 a.m. | 31 views

CVE-2026-1926 Subscriptions for WooCommerce <= 1.9.2 - Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation

The Subscriptions for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpssfwadmincancelsusbcription function in all versions up to, and including, 1.9.2. This is due to the function being hooked to the init action withou...

CVSS 5.3 | EPSS 0.00307
Exploits: 0 | References: 6

RedhatCVE
added 2026/02/21 7:30 p.m. | 9 views

CVE-2025-69303

Missing Authorization vulnerability in modeltheme ModelTheme Framework modeltheme-framework allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ModelTheme Framework: from n/a through 2.0.0...

CVSS 7.5 | AI score 5.8 | EPSS 0.00278
Exploits: 0 | References: 1

NVD
added 2026/02/20 4:22 p.m. | 5 views

CVE-2025-69303

Missing Authorization vulnerability in modeltheme ModelTheme Framework modeltheme-framework allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ModelTheme Framework: from n/a through 2.0.0...

CVSS 7.5 | EPSS 0.00278
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/20 12:0 a.m. | 7 views

PT-2026-21130

Name of the Vulnerable Software and Affected Versions: ModelTheme Framework versions through 1.9.2. Description: An authorization issue exists in the ModelTheme Framework’s modeltheme-framework, allowing exploitation due to incorrectly configured access control security levels. Recommendations: Updat...

AI score 5.3 | EPSS 0.00278
Exploits: 0 | References: 3

NVD
added 2025/12/09 4:18 p.m. | 4 views

CVE-2025-62736

Missing Authorization vulnerability in opicron Image Cleanup image-cleanup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Cleanup: from n/a through = 1.9.2...

CVSS 4.3 | EPSS 0.00185
Exploits: 0 | References: 1

NVD
added 2025/12/09 4:18 p.m. | 3 views

CVE-2025-62737

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in opicron Image Cleanup image-cleanup allows Retrieve Embedded Sensitive Data. This issue affects Image Cleanup: from n/a through = 1.9.2...

CVSS 5.3 | EPSS 0.0024
Exploits: 0 | References: 1

Cvelist
added 2025/12/09 2:52 p.m. | 21 views

CVE-2025-62736 WordPress Image Cleanup plugin <= 1.9.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in opicron Image Cleanup image-cleanup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Cleanup: from n/a through = 1.9.2...

CVSS 4.3 | EPSS 0.00185
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/09 12:0 a.m. | 3 views

PT-2025-50005

Missing Authorization vulnerability in opicron Image Cleanup image-cleanup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Cleanup: from n/a through = 1.9.2...

AI score 7 | EPSS 0.00185
Exploits: 0 | References: 2

RedhatCVE
added 2025/10/28 2:38 a.m. | 4 views

CVE-2025-62968

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sayan Datta WP Last Modified Info wp-last-modified-info allows Stored XSS. This issue affects WP Last Modified Info: from n/a through = 1.9.2...

CVSS 6.5 | AI score 6 | EPSS 0.00151
Exploits: 0 | References: 1

NVD
added 2025/10/22 3:15 p.m. | 6 views

CVE-2025-52756

Improper Control of Generation of Code 'Code Injection' vulnerability in Sayan Datta WP Last Modified Info wp-last-modified-info allows Remote Code Inclusion. This issue affects WP Last Modified Info: from n/a through = 1.9.4...

CVSS 7.4 | EPSS 0.00249
Exploits: 0 | References: 1

Positive Technologies
added 2025/10/22 12:0 a.m. | 8 views

PT-2025-43243

Name of the Vulnerable Software and Affected Versions: WP Last Modified Info versions through 1.9.2. Description: A flaw exists in WP Last Modified Info that allows for Remote Code Inclusion due to improper control of code generation. This issue allows an attacker to inject code remotely...

CVSS 7.4 | AI score 7 | EPSS 0.00249
Exploits: 0 | References: 4

Patchstack
added 2025/09/20 12:41 a.m. | 13 views

WordPress osTicket WP Bridge plugin <= 1.9.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin osTicket WP Bridge versions = 1.9.2...

CVSS 6.1 | AI score 5.6 | EPSS 0.00141
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2023/05/26 3:15 p.m. | 2 views

CVE-2023-32964

Cross-Site Request Forgery (CSRF) vulnerability in Made with Fuel Better Notifications for WP plugin = 1.9.2 versions...

CVSS 8.8 | AI score 7.3 | EPSS 0.00256
Exploits: 0 | References: 1