
29 matches found

Nuclei
added 14 hours ago | 61 views

WCFM WooCommerce Multivendor Marketplace < 3.4.12 - SQL Injection

The wcfmajaxcontroller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated users, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections. id: CVE-2021-24849 info: name: WCFM...

CVSS 9.8 | AI score 7.3 | EPSS 0.0848
Exploits: 2 | References: 3
ATTACKERKB
added 2026/02/10 7:27 a.m. | 3 views

CVE-2026-1722

The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the plugin not implementing authorization checks in the wcfm-refund-requests-form AJAX controller. This...

CVSS 5.3 | AI score 5.7 | EPSS 0.00294
Exploits: 0 | References: 5
Cvelist
added 2026/01/06 3:21 a.m. | 32 views

CVE-2025-11370 Depicter <= 4.0.7 - Missing Authorization to Unauthenticated Display Rule Updates

The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'store' function of the...

CVSS 5.3 | EPSS 0.00235
Exploits: 0 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-42167

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.5 | EPSS 0.00449
Exploits: 1 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-42166

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.6 | EPSS 0.00254
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 9:22 a.m. | 2 views

CVE-2024-4450

The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.6. This makes it possible for authenticated attackers, with...

CVSS 6.3 | AI score 5.9 | EPSS 0.00334
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 4:7 a.m. | 7 views

CVE-2023-38350

PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via the basket API and filters. This affects 0.6.26...

CVSS 5.4 | AI score 5.8 | EPSS 0.00449
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/23 2:12 a.m. | 6 views

CVE-2023-38349

PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controller. This affects 0.6.26...

CVSS 8.8 | AI score 6.9 | EPSS 0.00254
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 7:23 p.m. | 7 views

CVE-2021-24849

The wcfmajaxcontroller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated users, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections...

CVSS 9.8 | AI score 7.5 | EPSS 0.0848
Exploits: 2 | References: 1
OSV
added 2024/06/19 4:15 a.m. | 2 views

CVE-2024-4450

The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with...

CVSS 6.3 | AI score 5.8 | EPSS 0.00334
Exploits: 0 | References: 2
CNNVD
added 2024/06/19 12:0 a.m. | 4 views

WordPress plugin AliExpress Dropshipping with AliNext Lite security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.3 | AI score 6.4 | EPSS 0.00334
Exploits: 0 | References: 3
BDU FSTEC
added 2023/07/28 12:0 a.m. | 4 views

The vulnerability of the filter() and basket() functions in the Ajax Controller of the PNP4Nagios performance monitoring system for network monitoring allows a violator to execute cross-site scripting attacks.

The vulnerability of the filter and basket functions in the Ajax Controller of the PNP4Nagios performance monitoring system for network monitoring involves a lack of measures taken to protect the website structure. Exploiting this vulnerability could allow an attacker to perform cross-site...

CVSS 4.3 | AI score 5.7 | EPSS 0.00449
Exploits: 1 | References: 7 | Affected Software: 1
BDU FSTEC
added 2023/07/28 12:0 a.m. | 3 views

The vulnerability of the Ajax Controller component of the PNP4Nagios network monitoring system allows an attacker to perform a CSRF attack.

The vulnerability of the Ajax Controller component in the PNP4Nagios network monitoring system is related to the manipulation of inter-site requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack remotely...

CVSS 5 | AI score 7.5 | EPSS 0.00254
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2023/07/15 2:15 a.m. | 13 views

CVE-2023-38350

PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via the basket API and filters. This affects 0.6.26...

CVSS 5.4 | AI score 5.9
Exploits: 0 | References: 1
ATTACKERKB
added 2023/07/15 2:15 a.m. | 6 views

CVE-2023-38349

PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controller. This affects 0.6.26...

CVSS 8.8 | AI score 7.3 | EPSS 0.00254
Exploits: 0 | References: 2
NVD
added 2023/07/15 2:15 a.m. | 14 views

CVE-2023-38349

PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controller. This affects 0.6.26...

CVSS 8.8 | EPSS 0.00254
Exploits: 0 | References: 1
NVD
added 2023/07/15 2:15 a.m. | 10 views

CVE-2023-38350

PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via the basket API and filters. This affects 0.6.26...

CVSS 5.4 | EPSS 0.00449
Exploits: 1 | References: 1
OSV
added 2023/07/15 2:15 a.m. | 15 views

CVE-2023-38349

PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controller. This affects 0.6.26...

CVSS 8.8 | AI score 7.2
Exploits: 0 | References: 1
UbuntuCve
added 2023/07/15 2:15 a.m. | 20 views

CVE-2023-38349

PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controller. This affects 0.6.26...

CVSS 8.8 | AI score 7.2 | EPSS 0.00254
Exploits: 0 | References: 2
UbuntuCve
added 2023/07/15 2:15 a.m. | 110 views

CVE-2023-38350

PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via the basket API and filters. This affects 0.6.26...

CVSS 5.4 | AI score 6.1 | EPSS 0.00449
Exploits: 1 | References: 2