1395 matches found

Positive Technologies
added 2025/11/21 12:00 a.m.

PT-2025-47699

The AuthorSure plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the 'authorsure' page. This makes it possible for unauthenticated attackers to update settings and inject malicious we...

CVSS 6.1 | AI score 5.4 | EPSS 0.00099
Exploits: 0 | References: 3
CNVD
added 2025/11/20 12:00 a.m.

Online Shopping Portal admin page SQL Injection Vulnerability

Online Shopping Portal is an online store system. A SQL injection vulnerability exists in Online Shopping Portal because the username parameter of the admin page is inserted into a SQL statement without validation. An attacker can exploit this vulnerability to execute illegal SQL comman...

CVSS 6.5 | AI score 8.3 | EPSS 0.0021
Exploits: 1 | References: 1
CNVD
added 2025/11/20 12:00 a.m.

Online Voting System /index.php File Code Problem Vulnerability

Online Voting System is an online voting system. It has a code issue vulnerability that stems from a lack of validation of uploaded files in the page parameter of /index.php. An attacker can exploit this vulnerability to upload malicious files...

CVSS 8.8 | AI score 7.3 | EPSS 0.00264
Exploits: 1 | References: 1
RedhatCVE
added 2025/11/19 9:09 a.m.

CVE-2025-12406

The Project Honey Pot Spam Trap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the printAdminPage function. This makes it possible for unauthenticated attackers to update setting...

CVSS 6.1 | AI score 5.3 | EPSS 0.00124
Exploits: 0 | References: 1
RedhatCVE
added 2025/11/19 7:26 a.m.

CVE-2025-12524

The Post Type Switcher plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.0.0 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to modify the post type...

CVSS 5.4 | AI score 5.7 | EPSS 0.0025
Exploits: 0 | References: 1
NVD
added 2025/11/18 4:15 p.m.

CVE-2025-63800

The password change endpoint in Open Source Point of Sale 3.4.1 allows users to set their account password to an empty string due to missing server-side validation. When an authenticated user omits or leaves the password and repeatpassword parameters empty in the password change request, the...

CVSS 7.5 | EPSS 0.00408
Exploits: 1 | References: 3
NVD
added 2025/11/18 9:15 a.m.

CVE-2025-40548

A missing validation process exists in Serv U that, when abused, could give a malicious actor with admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under...

CVSS 9.1 | EPSS 0.00645
Exploits: 0 | References: 2
NVD
added 2025/11/18 9:15 a.m.

CVE-2025-12827

The Top Friends plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3. This is due to missing nonce validation on the topfriendsoptionssubpanel function. This makes it possible for unauthenticated attackers to modify plugin settings via a forge...

CVSS 4.3 | EPSS 0.00106
Exploits: 0 | References: 2
NVD
added 2025/11/18 9:15 a.m.

CVE-2025-12406

The Project Honey Pot Spam Trap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the printAdminPage function. This makes it possible for unauthenticated attackers to update setting...

CVSS 6.1 | EPSS 0.00124
Exploits: 0 | References: 4
EUVD
added 2025/11/18 8:38 a.m.

EUVD-2025-197929

A missing validation process exists in Serv U that, when abused, could give a malicious actor with admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under...

CVSS 9.1 | AI score 6.5 | EPSS 0.00645
Exploits: 0 | References: 3
CVE
added 2025/11/18 8:27 a.m.

CVE-2025-12827

CVE-2025-12827 (Top Friends): The WordPress Top Friends plugin is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to 0.3 due to missing nonce validation in the top_friends_options_subpanel() function. This allows unauthenticated attackers to modify plugin settings by tricking an admin...

CVSS 4.3 | AI score 4.9 | EPSS 0.00106
Exploits: 0 | References: 2
CVE
added 2025/11/18 8:27 a.m.

CVE-2025-12404

CVE-2025-12404 affects the WordPress Like-it plugin, specifically versions up to 2.2. The vulnerability arises from missing or incorrect nonce validation in the likeit_conf() function, allowing unauthenticated attackers to update settings and inject malicious web scripts via forged requests that ...

CVSS 6.1 | AI score 5 | EPSS 0.00124
Exploits: 0 | References: 4
Positive Technologies
added 2025/11/18 12:00 a.m.

PT-2025-47262

Name of the Vulnerable Software and Affected Versions: Top Friends plugin for WordPress versions prior to 0.4
Description: The Top Friends plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is caused by a lack of nonce validation within the top friends options subpanel...

CVSS 4.3 | AI score 6.2 | EPSS 0.00106
Exploits: 0 | References: 4
CNVD
added 2025/11/18 12:00 a.m.

Student Record Management System login.php File SQL Injection Vulnerability

Student Record Management System is a software application. It suffers from a SQL injection vulnerability that originates from a lack of validation of externally supplied input in the id and password parameters of login.php, which are used to build SQL statements. An attacker can exploit this...

CVSS 6.5 | AI score 8.4 | EPSS 0.0021
Exploits: 1 | References: 1
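
The two CNVD login-page findings above (Online Shopping Portal's admin page and Student Record Management System's login.php) describe the same defect: request parameters spliced into the text of a SQL statement. The following is an added example written for this listing, not code from either project. It builds a throwaway SQLite users table in memory so it runs stand-alone; the table layout, the function names and the sample credentials are constructed for the example.

```php
<?php
// Added example, not code from Online Shopping Portal or Student Record Management System.
// Constructed in-memory SQLite database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL, password_hash TEXT NOT NULL)');
$db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
   ->execute(['admin', password_hash('correct horse battery staple', PASSWORD_DEFAULT)]);

// Vulnerable shape: the username and password parameters become part of the statement text,
// so a quote in either one changes the statement instead of being matched as data.
function login_vulnerable(PDO $db, string $username, string $password): bool
{
    $sql = "SELECT id FROM users WHERE username = '$username' AND password_hash = '$password'";
    return (bool) $db->query($sql)->fetch();
}

// Hardened: the statement text is fixed, the value travels separately as a bound parameter,
// and the password is checked with password_verify() rather than compared inside SQL.
function login_safe(PDO $db, string $username, string $password): bool
{
    static $dummy_hash = null;
    $dummy_hash ??= password_hash('unused', PASSWORD_DEFAULT);

    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a dummy hash when the user is unknown so response time does not
    // reveal which usernames exist; the final check still rejects the unknown user.
    $hash = $row['password_hash'] ?? $dummy_hash;
    return password_verify($password, $hash) && $row !== false;
}

// Constructed inputs: a comment injection in the username field, and a genuine login.
$injected = "admin' --";
var_dump(login_vulnerable($db, $injected, 'wrong'));
var_dump(login_safe($db, $injected, 'wrong'));
var_dump(login_safe($db, 'admin', 'correct horse battery staple'));
```

With the injected username, the vulnerable query becomes `... WHERE username = 'admin' --' AND password_hash = 'wrong'`; SQLite treats everything after `--` as a comment, so the password clause disappears and the admin row is returned. The prepared statement receives the same string as a parameter value, finds no such user, and fails; only the genuine credentials succeed.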
CNNVD
added 2025/11/18 12:00 a.m.

WordPress plugin Like-it Cross-Site Request Forgery Vulnerability

WordPress Like-it plugin is an extension that adds like-it functionality to WordPress blogs, allowing users to perform like-it operations on posts or comments. The WordPress Like-it plugin suffers from a cross-site request forgery vulnerability, which arises from a web application that does not...

CVSS 6.1 | AI score 6.5 | EPSS 0.00124
Exploits: 0 | References: 4
Positive Technologies
added 2025/11/18 12:00 a.m.

PT-2025-47338

Name of the Vulnerable Software and Affected Versions: Open Source Point of Sale version 3.4.1
Description: The password change functionality has a flaw where a user can set an empty password due to a lack of server-side validation. Omitting or providing empty values for the password and repeat...

CVSS 7.5 | AI score 6.9 | EPSS 0.00408
Exploits: 1 | References: 5
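
The two Open Source Point of Sale entries above (CVE-2025-63800 and PT-2025-47338) turn on a server that trusted the browser-side form: an omitted or empty `password`/`repeatpassword` pair went through. The following is an added example, not OSPOS code, showing the server-side validation a password-change handler needs. The field names `password` and `repeatpassword` follow the advisory text; the `current_password` re-authentication step, the length rule and the function names are assumptions made for this example.

```php
<?php
// Added example, not code from Open Source Point of Sale. Field names follow the advisory;
// the current_password check, the 12-character minimum and the function names are assumed.
function validate_password_change(array $post, string $current_hash): array
{
    $errors = [];

    // An omitted parameter, an empty string and a non-string value (password[]=) are all
    // treated as "no password supplied". Nothing here relies on what the form enforced.
    $current = isset($post['current_password']) && is_string($post['current_password']) ? $post['current_password'] : '';
    $new     = isset($post['password'])         && is_string($post['password'])         ? $post['password']         : '';
    $repeat  = isset($post['repeatpassword'])   && is_string($post['repeatpassword'])   ? $post['repeatpassword']   : '';

    if ($current === '' || !password_verify($current, $current_hash)) {
        $errors[] = 'current password is missing or incorrect';
    }
    if ($new === '') {
        $errors[] = 'new password is missing or empty';
    } elseif (strlen($new) < 12) {
        $errors[] = 'new password must be at least 12 characters';
    }
    if (!hash_equals($new, $repeat)) {
        $errors[] = 'password and repeatpassword do not match';
    }
    return $errors;
}

// Only a request that passes every check produces a new hash to store.
function change_password(array $post, string $current_hash): ?string
{
    return validate_password_change($post, $current_hash) === []
        ? password_hash($post['password'], PASSWORD_DEFAULT)
        : null;
}

// Constructed requests: the two shapes the advisory describes, and a valid one.
$hash    = password_hash('old password value', PASSWORD_DEFAULT);
$omitted = ['current_password' => 'old password value'];
$empty   = ['current_password' => 'old password value', 'password' => '', 'repeatpassword' => ''];
$valid   = ['current_password' => 'old password value',
            'password' => 'n3w password value', 'repeatpassword' => 'n3w password value'];
var_dump(change_password($omitted, $hash), change_password($empty, $hash), change_password($valid, $hash) !== null);
```

The omitted and empty requests both yield `null` from `change_password()` because `validate_password_change()` reports the missing password; the valid request yields a fresh bcrypt hash. Treating "absent" and "empty string" identically is the point: a client that strips the field entirely is just as easy to produce as one that sends it blank.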
EUVD
added 2025/11/11 3:31 p.m.

EUVD-2025-84355

An HTML injection vulnerability was found in Fairsketch's RISE CRM Framework v3.8.1, which consists of HTML code injection due to a lack of proper validation of user input in the 'replymessage' parameter of a POST request to '/messages/reply'...

CVSS 5.1 | AI score 6.8 | EPSS 0.00141
Exploits: 0 | References: 2
RedhatCVE
added 2025/11/11 1:44 p.m.

CVE-2025-64685

In JetBrains YouTrack before 2025.3.104432, missing TLS certificate validation enabled data disclosure...

CVSS 8.1 | AI score 6.9 | EPSS 0.002
Exploits: 0 | References: 1
EUVD
added 2025/11/11 6:30 a.m.

EUVD-2025-60952

The USB Qr Code Scanner For Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the settings page. This makes it possible for unauthenticated attackers to update the plugin's settings...

CVSS 4.3 | AI score 5.2 | EPSS 0.00131
Exploits: 0 | References: 4
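
The WordPress CSRF entries on this page (AuthorSure, Project Honey Pot Spam Trap, Top Friends, Like-it, USB Qr Code Scanner For Woocommerce) all describe the same missing check in a settings handler, and the Post Type Switcher entry (CVE-2025-12524) describes the missing object-level check on a user-supplied post ID. The following is an added example, not code from any of those plugins, showing the vulnerable shape beside a hardened admin-post.php handler that covers both. The `xyz_` prefix, the option name and the form fields are hypothetical; the WordPress functions called are real.

```php
<?php
// Added example (not from any plugin listed above). Everything prefixed xyz_ is hypothetical.

// Vulnerable shape, as the advisories describe it: the handler trusts any POST that reaches
// admin-post.php, so a form on an attacker's page submitted by a logged-in admin's browser
// updates the option, and a user-controlled post ID is used without checking that this user
// may edit that particular post.
function xyz_save_settings_vulnerable() {
    update_option('xyz_banner_html', $_POST['banner']);           // no nonce, no capability, no sanitization
    set_post_type((int) $_POST['post_id'], $_POST['post_type']);  // no edit_post check on this ID
}

// Hardened handler.
function xyz_save_settings() {
    // 1. CSRF: the nonce is bound to this user, this action and a time window, and a page on
    //    another origin cannot read it. check_admin_referer() calls wp_die() on mismatch.
    check_admin_referer('xyz_save_settings', 'xyz_nonce');

    // 2. Capability: a valid nonce proves the request came from this user's session, not that
    //    the user is allowed to change settings.
    if (!current_user_can('manage_options')) {
        wp_die(esc_html__('You are not allowed to do this.', 'xyz'), '', ['response' => 403]);
    }

    // 3. Sanitize on input so a stored setting cannot carry script into admin pages (the
    //    "inject malicious web scripts" half of the CSRF findings). wp_kses_post() keeps
    //    post-safe HTML only.
    $banner = isset($_POST['banner']) ? wp_kses_post(wp_unslash($_POST['banner'])) : '';
    update_option('xyz_banner_html', $banner);

    // 4. Object-level authorization on the user-controlled key (the IDOR finding): the user
    //    must be allowed to edit this specific post and to work with the target post type.
    $post_id  = isset($_POST['post_id']) ? absint($_POST['post_id']) : 0;
    $new_type = isset($_POST['post_type']) ? sanitize_key(wp_unslash($_POST['post_type'])) : '';
    if ($post_id && post_type_exists($new_type) && current_user_can('edit_post', $post_id)) {
        $type_obj = get_post_type_object($new_type);
        if (current_user_can($type_obj->cap->edit_posts)) {
            set_post_type($post_id, $new_type);
        }
    }

    wp_safe_redirect(add_query_arg('updated', '1', admin_url('options-general.php?page=xyz')));
    exit;
}
add_action('admin_post_xyz_save_settings', 'xyz_save_settings');

// Form side: emit the nonce the handler verifies, and escape stored data on output.
function xyz_render_settings_page() {
    ?>
    <form method="post" action="<?php echo esc_url(admin_url('admin-post.php')); ?>">
        <input type="hidden" name="action" value="xyz_save_settings">
        <?php wp_nonce_field('xyz_save_settings', 'xyz_nonce'); ?>
        <textarea name="banner"><?php echo esc_textarea(get_option('xyz_banner_html', '')); ?></textarea>
        <input type="number" name="post_id" value="">
        <input type="text" name="post_type" value="">
        <?php submit_button(); ?>
    </form>
    <?php
}
```

Register `xyz_render_settings_page()` with `add_options_page()` as usual. Two readings of the advisories are worth keeping straight: "unauthenticated attackers" means the attacker needs no account, not that no session is involved; the victim is an administrator whose browser is steered to a page that auto-submits the form, which is why the nonce (unreadable cross-origin) rather than the login cookie (sent automatically) is what stops it. And the nonce and the capability check are independent: the first answers "did this user intend this request", the second "is this user allowed to do this", and the IDOR case needs a third answer, "for this object".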
EUVD
added 2025/11/11 6:30 a.m.

EUVD-2025-60945

The WP移行専用プラグイン for CPI plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the CpiwmImportController::import function in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

CVSS 9.8 | AI score 7 | EPSS 0.00699
Exploits: 1 | References: 3
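
The CPI migration plugin entry directly above and the Online Voting System /index.php entry earlier on the page both come down to an upload path that never checks what is being written or where. The following is an added example, not code from either project, showing the vulnerable shape beside a hardened handler. The storage directory, the size limit and the MIME allow-list are choices made for this example; the PHP functions used are standard.

```php
<?php
// Added example, not code from Online Voting System or the CPI migration plugin. The
// directory, size limit and allow-list are hypothetical choices for this example.

// Vulnerable shape: the client-supplied name decides what is written and where.
function store_upload_vulnerable(array $file, string $dir): string
{
    $target = $dir . '/' . $file['name'];            // attacker picks "shell.php" (or "../x")
    move_uploaded_file($file['tmp_name'], $target);
    return $target;
}

// Hardened: validate the bytes, choose the name and extension server-side, and store the
// result where the web server will not execute it.
function store_upload(array $file, string $dir): string
{
    // Only a single real PHP upload has this shape; multi-file arrays (error as array) are rejected.
    if (!isset($file['error'], $file['tmp_name'], $file['size']) || is_array($file['error'])) {
        throw new RuntimeException('malformed upload');
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed with code ' . $file['error']);
    }
    if ($file['size'] > 2 * 1024 * 1024) {
        throw new RuntimeException('file too large');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }

    // Detect the type from the content; $file['type'] comes from the client and is ignored.
    $mime    = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $allowed = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'application/pdf' => 'pdf'];
    if (!isset($allowed[$mime])) {
        throw new RuntimeException('type not allowed: ' . $mime);
    }

    // The original filename never touches the filesystem: random name, server-chosen extension.
    $name   = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $target = rtrim($dir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not store file');
    }
    chmod($target, 0644);
    return $name;
}

// Usage inside a request handler. /var/app/uploads is assumed to sit outside the document
// root (or to be served with PHP execution disabled), so a stored file is data, never code.
if (isset($_FILES['document'])) {
    try {
        echo 'stored as ' . htmlspecialchars(store_upload($_FILES['document'], '/var/app/uploads'), ENT_QUOTES, 'UTF-8');
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected: ' . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```

Inside a WordPress plugin the same checks are available through `wp_handle_upload()`, which applies `wp_check_filetype_and_ext()` and the site's allowed-MIME list, plus a capability check on the caller; an import controller reachable without authentication, as the entry above describes, has neither. Content sniffing with `finfo` is the part most often skipped: a `.png` extension on the request says nothing about the bytes, and a PHP file renamed to `.png` still runs if the directory is executable.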