Lucene search
K

80 matches found

NVD
NVD
added 2026/01/20 3:16 p.m.7 views

CVE-2025-15347

The Creator LMS – The LMS for Creators, Coaches, and Trainers plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check in the getitemspermissionscheck function in all versions up to, and including, 1.1.12. This...

8.8CVSS0.00271EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 10:45 a.m.7 views

CVE-2022-0952

The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as...

8.8CVSS6.9AI score0.13329EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:16 a.m.3 views

CVE-2025-14370

The Quote Comments plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.0. This is due to missing authorization checks in the quotecommentsaddadmin function. This makes it possible for authenticated attackers, with Subscriber-level access and above...

5.3CVSS5.9AI score0.00158EPSS
Exploits0References1
CVE
CVE
added 2026/01/07 8:21 a.m.20 views

CVE-2025-11877

The CVE-2025-11877 issue affects WordPress User Activity Log versions up to 2.2. The vulnerability is in the failed-login handler (ual_shook_wp_login_failed), which lacks a capability check and writes failed usernames into update_option() calls. This allows unauthenticated attackers to push certa...

7.5CVSS5.8AI score0.00335EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/11/22 8:35 a.m.12 views

CVE-2025-11985

The Realty Portal plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'rpsavepropertysettings' function in versions 0.1 to 0.4.1. This makes it possible for authenticated attackers, with...

8.8CVSS6.1AI score0.00332EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/21 7:31 a.m.9 views

CVE-2025-11985 Realty Portal <= 0.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

The Realty Portal plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'rpsavepropertysettings' function in versions 0.1 to 0.4.1. This makes it possible for authenticated attackers, with...

8.8CVSS0.00332EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-12134

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.00393EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/11 11:15 a.m.11 views

CVE-2025-9018 Time Tracker <= 3.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Limited Data Deletion

The Time Tracker plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'ttupdatetablefunction' and 'ttdeleterecordfunction' functions in all versions up to, and including, 3.1.0. This makes it possible for authenticated attackers...

8.8CVSS0.00327EPSS
Exploits0References4
NVD
NVD
added 2025/09/11 8:15 a.m.13 views

CVE-2025-8425

The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajaximportstrings function in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with...

8.8CVSS0.00284EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/11 7:25 a.m.7 views

CVE-2025-8425 My WP Translate <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajaximportstrings function in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with...

8.8CVSS0.00284EPSS
Exploits0References2
CVE
CVE
added 2025/09/11 7:25 a.m.17 views

CVE-2025-8425

CVE-2025-8425 affects the WordPress plugin My WP Translate (versions

8.8CVSS5.5AI score0.00284EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 5:39 a.m.10 views

CVE-2023-0584

The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'updateoptions' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change the 'vkfontawesomeversion' option to an arbitrar...

4.3CVSS5.6AI score0.00508EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:57 a.m.13 views

CVE-2023-1016

The Intuitive Custom Post Order plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.4.1, due to insufficient escaping on the user supplied 'objects' and 'tags' parameters and lack of sufficient preparation in the 'updateoptions' function as well as the...

7.2CVSS7AI score0.00971EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:5 p.m.9 views

CVE-2022-3451

The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow to update arbitrary options...

4.3CVSS6.9AI score0.00264EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/04/24 12:0 a.m.4 views

WordPress plugin Xelion Webchat 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

8.8CVSS8AI score0.00393EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/02 12:0 a.m.7 views

PT-2025-14457 · WordPress · Insert Headers/Footers Code – Ht Script

Name of the Vulnerable Software and Affected Versions: The Insert Headers and Footers Code – HT Script plugin for WordPress versions up to, and including, 1.1.2 Description: The issue is related to a missing capability check on the ajax dismiss function, allowing authenticated attackers with...

6.5CVSS6.8AI score0.00269EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/03/16 6:6 a.m.7 views

CVE-2025-2103

The SoundRise Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on theironMusicajax function in all versions up to, and including, 1.6.11. This makes it possible for authenticated attackers, with...

8.8CVSS7.4AI score0.00335EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/03/14 8:38 a.m.8 views

WordPress Eco Nature - Environment & Ecology WordPress theme <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update vulnerability

WordPress Eco Nature - Environment & Ecology WordPress theme = 2.0.4 - Missing Authorization to Authenticated Subscriber+ Limited Options Update vulnerability discovered by Lucio Sá in WordPress Theme Eco Nature versions = 2.0.4...

8.1CVSS8.9AI score0.00303EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/03/13 5:27 p.m.10 views

WordPress Zegen theme <= 1.1.9 - Missing Authorization to Authenticated (Subscriber+) Theme Options Updates vulnerability

Missing Authorization to Authenticated Subscriber+ Theme Options Updates vulnerability discovered by Lucio Sá in WordPress Theme Zegen versions = 1.1.9...

8.8CVSS8.9AI score0.00264EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/02/28 9:15 a.m.3 views

CVE-2024-9193

The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.3-revision-0 via the whmpressdomainsearchajaxextendedresults function. This makes it possible for unauthenticated attackers to include and execute...

9.8CVSS8AI score0.03111EPSS
Exploits0References2
Rows per page
Query Builder