CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

27 matches found

WCFM WooCommerce Multivendor Marketplace < 3.4.12 - SQL Injection

The wcfmajaxcontroller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections. id: CVE-2021-24849 info: name: WCFM...

9.8CVSS7.3AI score0.74641EPSS

Exploits2References3

ATTACKERKB•added 2026/02/10 7:27 a.m.•2 views

CVE-2026-1722

The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the plugin not implementing authorization checks in the wcfm-refund-requests-form AJAX controller. This...

5.3CVSS5.7AI score0.00032EPSS

Exploits0References5

Cvelist•added 2026/01/06 3:21 a.m.•28 views

CVE-2025-11370 Depicter <= 4.0.7 - Missing Authorization to Unauthenticated Display Rule Updates

The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'store' function of the...

5.3CVSS0.00083EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-42166

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00171EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-42167

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.00179EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 9:22 a.m.•0 views

CVE-2024-4450

The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.6. This makes it possible for authenticated attackers, with...

6.3CVSS5.9AI score0.00131EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 4:7 a.m.•5 views

CVE-2023-38350

PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via the basket API and filters. This affects 0.6.26...

5.4CVSS5.8AI score0.00179EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 2:12 a.m.•4 views

CVE-2023-38349

PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controller. This affects 0.6.26...

8.8CVSS6.9AI score0.00171EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 7:23 p.m.•4 views

CVE-2021-24849

9.8CVSS7.5AI score0.74641EPSS

Exploits2References1

OSV•added 2024/06/19 4:15 a.m.•0 views

CVE-2024-4450

The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with...

6.3CVSS5.8AI score

Exploits0References2

CNNVD•added 2024/06/19 12:0 a.m.•2 views

WordPress plugin AliExpress Dropshipping with AliNext Lite security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.3CVSS6.4AI score0.00131EPSS

Exploits0References3