Lucene search
+L

72 matches found

nvd
nvd
added 2026/07/02 6:16 a.m.10 views

CVE-2026-11781

The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with a low-privilege role Contributor to disclose non-public content that WordPress would not otherwise expose to them,...

2.7CVSS0.00189EPSS
Exploits0References1
euvd
euvd
added 2026/07/02 6:0 a.m.8 views

EUVD-2026-41254

The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with a low-privilege role Contributor to disclose non-public content that WordPress would not otherwise expose to them,...

2.7CVSS5.7AI score0.00189EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/02 6:0 a.m.41 views

CVE-2026-11781 Adminify < 4.2.10 - Contributor+ Sensitive Information Disclosure via Global Search AJAX

The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with a low-privilege role Contributor to disclose non-public content that WordPress would not otherwise expose to them,...

0.00189EPSS
Exploits0References1
cve
cve
added 2026/07/02 6:0 a.m.18 views

CVE-2026-11781

The CVE-2026-11781 entry affects the Adminify WordPress plugin prior to version 4.2.10. The vulnerability arises because the plugin does not perform per-user read-capability checks on results returned by an administration search feature. As a result, users with a low-privilege role (Contributor) ...

2.7CVSS5.7AI score0.00189EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/02 6:0 a.m.7 views

CVE-2026-11781

The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with a low-privilege role Contributor to disclose non-public content that WordPress would not otherwise expose to them,...

5.7AI score0.00189EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/29 3:18 p.m.8 views

CVE-2026-1060

The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered with permissioncallback set to returntrue, allowing unauthenticated attacke...

5.3CVSS5.9AI score0.00247EPSS
Exploits0References1
patchstack
patchstack
added 2026/01/28 9:37 p.m.10 views

WordPress WP Adminify plugin <= 4.0.7.7 - Unauthenticated Sensitive Information Exposure via 'get-addons-list' REST API vulnerability

Unauthenticated Sensitive Information Exposure via 'get-addons-list' REST API vulnerability discovered by ibrahimsql in WordPress Plugin WP Adminify versions = 4.0.7.7...

5.3CVSS5.9AI score0.00247EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2026/01/28 3:16 p.m.6 views

CVE-2026-1060

The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered with permissioncallback set to returntrue, allowing unauthenticated attacke...

5.3CVSS0.00247EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/01/28 2:25 p.m.7 views

CVE-2026-1060

The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered with permissioncallback set to returntrue, allowing unauthenticated attacke...

5.3CVSS5.9AI score0.00247EPSS
Exploits0References4
cvelist
cvelist
added 2026/01/28 2:25 p.m.32 views

CVE-2026-1060 WP Adminify <= 4.0.7.7 - Unauthenticated Sensitive Information Exposure via 'get-addons-list' REST API

The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered with permissioncallback set to returntrue, allowing unauthenticated attacke...

5.3CVSS0.00247EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/01/28 2:25 p.m.5 views

CVE-2026-1060 WP Adminify <= 4.0.7.7 - Unauthenticated Sensitive Information Exposure via 'get-addons-list' REST API

The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered with permissioncallback set to returntrue, allowing unauthenticated attacke...

5.3CVSS5.9AI score0.00247EPSS
Exploits0References3
euvd
euvd
added 2026/01/28 2:25 p.m.7 views

EUVD-2026-4920

The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered with permissioncallback set to returntrue, allowing unauthenticated attacke...

5.3CVSS5.9AI score0.00247EPSS
Exploits0References3
cve
cve
added 2026/01/28 2:25 p.m.25 views

CVE-2026-1060

CVE-2026-1060 concerns the WordPress plugin WP Adminify. The vulnerability allows unauthenticated access to sensitive addon information via the REST endpoint /wp-json/adminify/v1/get-addons-list. The endpoint is registered with a permisssion_callback of __return_true, enabling any user to retriev...

5.3CVSS5.9AI score0.00247EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/01/28 12:0 a.m.10 views

WordPress plugin WP Adminify has a vulnerability related to information leakage.

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

5.3CVSS5.8AI score0.00247EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/01/28 12:0 a.m.10 views

PT-2026-5125

The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered with permission callback set to return true, allowing unauthenticated...

5.3CVSS5.9AI score0.00247EPSS
Exploits0References4
redhatcve
redhatcve
added 2025/12/25 1:23 p.m.3 views

CVE-2025-68592

Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through = 4.0.6.1...

4.3CVSS7AI score0.00201EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/12/25 1:23 p.m.4 views

CVE-2025-68593

Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through = 4.0.6.1...

5.4CVSS7AI score0.00214EPSS
Exploits0References1
euvd
euvd
added 2025/12/24 3:30 p.m.3 views

EUVD-2025-205243

Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through = 4.0.6.1...

8.8CVSS6.5AI score0.00201EPSS
Exploits0References2
euvd
euvd
added 2025/12/24 3:30 p.m.3 views

EUVD-2025-205242

Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through = 4.0.6.1...

8.8CVSS6.5AI score0.00214EPSS
Exploits0References2
nvd
nvd
added 2025/12/24 1:16 p.m.3 views

CVE-2025-68592

Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through = 4.0.6.1...

4.3CVSS0.00201EPSS
Exploits0References1
Rows per page
Query Builder