Lucene search
+L

135 matches found

Cvelist
Cvelist
added 2025/11/19 3:29 a.m.12 views

CVE-2025-12427 YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Insecure Direct Object Reference to Unauthenticated Wishlist Rename

The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.10.0 via the REST API endpoint and AJAX handler due to missing validation on user-controlled keys. This makes it possible for unauthenticated attackers to...

5.3CVSS0.0027EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/11/06 10:13 a.m.9 views

CVE-2025-12469

The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.4.1. This is due to the plugin not properly verifying that a user is authorized to perform administrativ...

4.3CVSS6AI score0.00235EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/05 9:27 a.m.12 views

CVE-2025-12469 FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce <= 3.6.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending

The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.4.1. This is due to the plugin not properly verifying that a user is authorized to perform administrativ...

4.3CVSS0.00235EPSS
Exploits0References5
CNVD
CNVD
added 2025/10/21 12:0 a.m.3 views

WordPress Library Management System plugin unauthorized data modification vulnerability

The WordPress Library Management System plugin is a plugin for extending the functionality of WordPress, mainly used to help users manage website content, user data and system settings more efficiently. The WordPress Library Management System plugin suffers from an unauthorized data modification...

4.3CVSS6.7AI score0.00219EPSS
Exploits0References1
CVE
CVE
added 2025/10/15 8:25 a.m.14 views

CVE-2025-10303

CVE-2025-10303 affects the WordPress Library Management System plugin. The root cause is a missing capability check in owt7_library_management_ajax_handler(), affecting all versions up to 3.1, enabling authenticated users with Subscriber-level access and above to modify various plugin settings. W...

4.3CVSS4.8AI score0.00219EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/15 12:0 a.m.5 views

WordPress plugin Library Management System 安全漏洞

The WordPress Library Management System plugin is a plugin for extending the functionality of WordPress, mainly used to help users manage website content, user data and system settings more efficiently. The WordPress Library Management System plugin suffers from an unauthorized data modification...

4.3CVSS6.6AI score0.00219EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2015-6603

Malware in sbrugna...

4.3CVSS7.3AI score0.02689EPSS
Exploits0References18
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-19920

Malicious code in bioql PyPI...

8.8CVSS6.4AI score0.00364EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-21590

Malicious code in bioql PyPI...

8.8CVSS6.5AI score0.00441EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-2160

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00263EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/24 12:0 a.m.8 views

PT-2025-39243

Name of the Vulnerable Software and Affected Versions MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress versions prior to 4.2.9 Description The software is susceptible to unauthorized data modification, potentially allowing attackers to escalate privileges...

9.8CVSS6.8AI score0.00349EPSS
Exploits0References9
NVD
NVD
added 2025/09/18 10:15 a.m.47 views

CVE-2025-8565

The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the wplpgdprinstallpluginajaxhandler function in all versions up to, and including, 3.4.3...

8.1CVSS0.00257EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/07 6:33 a.m.9 views

CVE-2025-8944

The OceanWP WordPress theme before 4.1.2 is vulnerable to an option update due to a missing capability check on one of its AJAX request handler, allowing any authenticated users, such as subscriber to update the darkMod setting...

4.3CVSS6.5AI score0.00211EPSS
Exploits1References1
NVD
NVD
added 2025/09/05 6:15 a.m.5 views

CVE-2025-8944

The OceanWP WordPress theme before 4.1.2 is vulnerable to an option update due to a missing capability check on one of its AJAX request handler, allowing any authenticated users, such as subscriber to update the darkMod setting...

4.3CVSS0.00211EPSS
Exploits1References1
OSV
OSV
added 2025/09/05 6:15 a.m.9 views

CVE-2025-8944

The OceanWP WordPress theme before 4.1.2 is vulnerable to an option update due to a missing capability check on one of its AJAX request handler, allowing any authenticated users, such as subscriber to update the darkMod setting...

4.3CVSS5.8AI score0.00211EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/08/04 9:33 a.m.8 views

CVE-2025-6754

The SEO Metrics plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks in both the seometricshandleconnectbuttonclick AJAX handler and the seometricshandlecustomendpoint function in all versions up to, and including, 1.0.15. Because the AJAX action only...

8.8CVSS5.9AI score0.00381EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/25 2:29 a.m.15 views

CVE-2025-6190

The Realty Portal – Agent plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the rpuserprofile AJAX handler in versions 0.1.0 through 0.3.9. The handler reads the client-supplied meta key and value pairs from $POST and passes them directly to...

8.8CVSS6.9AI score0.00437EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/16 9:22 a.m.4 views

CVE-2025-6993 Ultimate WP Mail 1.0.17 - 1.3.6 - Missing Authorization to Authenticated (Contributor+) Privilege Escalation via get_email_log_details Function

The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the getemaillogdetails AJAX handler in versions 1.0.17 to 1.3.6. The handler reads the client-supplied postid and retrieves the corresponding email log post content including the...

7.5CVSS6.2AI score0.00441EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 9:22 a.m.4 views

CVE-2024-3722

The Swift Performance Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajaxhandler function in all versions up to, and including, 2.3.6.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to retriev...

5.4CVSS5.9AI score0.00413EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:23 a.m.7 views

CVE-2024-1785

The Contests by Rewards Fuel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.62. This is due to missing or incorrect nonce validation on the ajaxhandler function. This makes it possible for unauthenticated attackers to update the plugin's...

5.4CVSS6.5AI score0.00309EPSS
Exploits0References1
Rows per page
Query Builder