Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 5:2 p.m.5 views

CVE-2026-32485

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through = 4.2.8...

7.5CVSS5.8AI score0.00262EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.11 views

CVE-2026-32485

CVE-2026-32485 affects the WordPress plugin WP User Frontend (weDevs) versions prior to 4.2.9. The vulnerability is a Missing Authorization/Broken Access Control issue caused by incorrectly configured access control security levels in wp-user-frontend, allowing unauthorized access as described in...

7.5CVSS5.8AI score0.00262EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/17 10:33 a.m.5 views

WordPress EventPrime plugin <= 4.2.8.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO in WordPress Plugin EventPrime versions = 4.2.8.0...

9.8CVSS5.8AI score0.0051EPSS
Exploits0Affected Software1
Fedora
Fedora
added 2026/03/01 4:58 p.m.9 views

[SECURITY] Fedora 42 Update: python-django4.2-4.2.28-1.fc42

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

8.5CVSS6.1AI score0.09436EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2026/02/20 3:46 p.m.3 views

CVE-2025-69325 WordPress Primer MyData for Woocommerce plugin <= 4.2.8 - Path Traversal vulnerability

Path Traversal: '.../...//' vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Path Traversal.This issue affects Primer MyData for Woocommerce: from n/a through = 4.2.8...

5.9AI score0.00371EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.8 views

PT-2026-20281

The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the save frontend event submission function accepting a user-controlled event id parameter and updating the...

4.3CVSS5.5AI score0.00281EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/01/22 4:52 p.m.21 views

CVE-2026-24380 WordPress EventPrime plugin <= 4.2.8.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through = 4.2.8.0...

5.3CVSS0.00185EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.4 views

WordPress Plugin Contact Form by BestWebSoft 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress Plugin Contac...

6.1CVSS7.4AI score0.00495EPSS
Exploits0References4
Rows per page
Query Builder