Lucene search

5 matches found

RedhatCVE
added 2026/01/09 9:26 a.m., 6 views

CVE-2023-4600

The AffiliateWP for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'affwpactivateaddonspageplugin' function called via an AJAX action in versions up to, and including, 2.14.0. This makes it possible for authenticated attackers, with...

CVSS 4.3, AI score 5.3, EPSS 0.00321, Exploits 0, References 1

RedhatCVE
added 2025/12/14 5:3 a.m., 4 views

CVE-2025-11164

The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavixeducationactivateplugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level acces...

CVSS 4.3, AI score 5.1, EPSS 0.00158, Exploits 0, References 1

RedhatCVE
added 2025/12/13 6:57 a.m., 6 views

CVE-2025-10684

The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF checks when activating via an AJAX action, allowing any authenticated user, such as a subscriber, to activate arbitrary...

CVSS 4.3, AI score 6.9, EPSS 0.00102, Exploits 0, References 1

NVD
added 2025/12/12 6:15 a.m., 20 views

CVE-2025-10684

The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF checks when activating via an AJAX action, allowing any authenticated user, such as a subscriber, to activate arbitrary...

CVSS 4.3, EPSS 0.00102, Exploits 0, References 1

Positive Technologies
added 2025/12/12 12:0 a.m., 9 views

PT-2025-50885

Name of the Vulnerable Software and Affected Versions: Construction Light WordPress theme versions prior to 1.6.8. Description: The Construction Light WordPress theme lacks proper authorization and Cross-Site Request Forgery (CSRF) protection when activated through an AJAX action. This allows any...

CVSS 4.3, AI score 6.4, EPSS 0.00102, Exploits 0, References 5