Lucene search
K

4 matches found

EUVD
EUVD
added yesterday6 views

EUVD-2026-43289

The Tutor LMS WordPress plugin before 3.9.13 does not verify that the requesting user is allowed to edit a target post before overwriting it in one of its content-builder save handlers, authorizing the request only against an unrelated identifier, allowing authenticated users with instructor-leve...

6.5CVSS6.1AI score0.00135EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday30 views

CVE-2026-12274 Tutor LMS < 3.9.13 - Instructor+ Arbitrary Post Overwrite via IDOR

The Tutor LMS WordPress plugin before 3.9.13 does not verify that the requesting user is allowed to edit a target post before overwriting it in one of its content-builder save handlers, authorizing the request only against an unrelated identifier, allowing authenticated users with instructor-leve...

0.00135EPSS
Exploits0References1
NVD
NVD
added 2026/02/18 8:16 a.m.9 views

CVE-2026-1655

The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the savefrontendeventsubmission function accepting a user-controlled eventid parameter and updating the correspondi...

4.3CVSS0.00281EPSS
Exploits0References6
CVE
CVE
added 2026/02/18 7:25 a.m.18 views

CVE-2026-1655

CVE-2026-1655 — EventPrime for WordPress : Unauthorized post modification due to missing authorization checks in save_frontend_event_submission, which uses a user-controlled event_id to update posts. Affected versions are up to 4.2.8.4; patch exists in 4.2.8.4+. The issue allows authenticated (Cu...

4.3CVSS5.5AI score0.00281EPSS
Exploits0References6
Rows per page
Query Builder