Lucene search
K

43 matches found

EUVD
EUVD
added 4 days ago8 views

EUVD-2026-43159

The Wallet for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.6.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS6.2AI score0.00286EPSS
Exploits0References10
CVE
CVE
added 5 days ago8 views

CVE-2026-15291

The CVE-2026-15291 entry concerns the WordPress plugin Chat Help – Click to Chat Button & Form, vulnerable in all versions up to and including 3.1.3 due to missing authentication/authorization on REST endpoints /wp-json/chat-help/v1/leads and /wp-json/chat-help/v1/leads/{id}. Unauthenticated atta...

7.5CVSS5.9AI score0.0047EPSS
Exploits0References6
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42760

The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to and including 6.2.3 via the Spotify Social Login addon. This is due to the loginpressonspotifylogin function trusting the unverified 'email' field returned by Spotify's /v1/me endpoint and using it...

8.1CVSS5.9AI score0.00347EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-12598 LoginPress Pro <= 6.2.3 - Unauthenticated Authentication Bypass via Unverified OAuth Email in Spotify OAuth Callback

The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to and including 6.2.3 via the Spotify Social Login addon. This is due to the loginpressonspotifylogin function trusting the unverified 'email' field returned by Spotify's /v1/me endpoint and using it...

8.1CVSS0.00347EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/30 5:37 a.m.279 views

RestroPress-WordPress-Plugin-Sensitive-API-Key-amp-Token-Exposure-Vulnerability-Exploitation

📌 Overview CVE-2025-9209 is a critical information disclo...

9.8CVSS7.2AI score0.02196EPSS
Exploits6
Cvelist
Cvelist
added 2026/04/08 6:43 a.m.23 views

CVE-2026-3477 PZ Frontend Manager <= 1.0.6 - Missing Authorization to Arbitrary User Deletion via 'dataType' Parameter

The PZ Frontend Manager plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.6. The pzfmuserrequestactioncallback function, registered via the wpajaxpzfmuserrequestaction action hook, lacks both capability checks and nonce verification. This function...

5.3CVSS0.00319EPSS
Exploits0References7
NVD
NVD
added 2026/03/13 7:54 p.m.5 views

CVE-2026-22210

wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through unescaped attachment URLs in HTML output by exploiting the WpdiscuzHelperUpload class. Attackers can craft malicious attachment records or filter hooks to inject arbitrary...

6.1CVSS0.00161EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.8 views

PT-2026-7497

The Invoct – PDF Invoices & Billing for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access...

4.3CVSS5.5AI score0.00309EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2011-4587

Malware in sbrugna...

7.5CVSS6.4AI score0.02258EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-28412

Malicious code in bioql PyPI...

4.3CVSS8.6AI score0.00517EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-30621

Malicious code in bioql PyPI...

5.4CVSS6.5AI score0.00361EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/06/20 6:0 p.m.485 views

Exploit for SQL Injection in Internet-Formation Wp-Advanced-Search

CVE-2024-9796 WP-Advanced-Search 3.3.9.2 - Unauthenticated S...

9.8CVSS7.5AI score0.02991EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2025/05/23 8:37 a.m.9 views

CVE-2024-32835

Deserialization of Untrusted Data vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a through 2.5.3...

5.4CVSS5.2AI score0.00361EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:58 a.m.9 views

CVE-2023-6390

The WordPress Users WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.7AI score0.00329EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/22 6:40 a.m.6 views

CVE-2017-8099

There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request...

8.1CVSS6.9AI score0.00639EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/04/17 3:15 p.m.6 views

CVE-2025-39443 WordPress Verge3D plugin <= 4.9.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Soft8Soft LLC Verge3D allows Cross Site Request Forgery. This issue affects Verge3D: from n/a through 4.9.0...

4.3CVSS4.7AI score0.00153EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/03/24 8:42 a.m.7 views

WordPress Export and Import Users and Customers plugin <= 2.6.2 - Authenticated (Admin+) PHP Object Injection via form_data Parameter vulnerability

Authenticated Admin+ PHP Object Injection via formdata Parameter vulnerability discovered by HayMiz in WordPress Plugin Import Export WordPress Users versions = 2.6.2...

7.2CVSS9.1AI score0.0069EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/03/24 8:41 a.m.9 views

WordPress Export and Import Users and Customers plugin <= 2.6.2 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function vulnerability

Directory Traversal to Authenticated Administrator+ Limited Arbitrary File Deletion via adminlogpage Function vulnerability discovered by HayMiz in WordPress Plugin Import Export WordPress Users versions = 2.6.2...

6.5CVSS8.8AI score0.00371EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2025/02/08 8:21 a.m.1723 views

Autodesk: Wordpress users Disclosure

we can see all the WordPress users/author with some of their information. Which can even be Personal information of employees/author. The file author-sitemap.xml at:https://www.payapps.com/author-sitemap.xml is enabled and this give the attacker many users names and emails like: F4036174 Impact...

6.5AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/11/16 9:36 a.m.30 views

CVE-2024-9887 Login using WordPress Users ( WP as SAML IDP ) <= 1.15.6 - Authenticated (Administrator+) SQL Injection

The Login using WordPress Users WP as SAML IDP plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.15.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL quer...

7.2CVSS7.3AI score0.00492EPSS
Exploits0References4
Rows per page
Query Builder