Lucene search
K

6 matches found

CNNVD
CNNVD
added 2026/05/05 12:0 a.m.11 views

WordPress plugin Geeky Bot 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

9.8CVSS6AI score0.00455EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/06 7:17 a.m.6 views

CVE-2025-11373

The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability checks in the "depicter-media-upload" AJAX route in all...

4.3CVSS5.5AI score0.00228EPSS
Exploits0References1
NVD
NVD
added 2025/09/30 11:37 a.m.6 views

CVE-2025-7052

The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.94. This is due to missing nonce validation on the changepassword function of its customercabinetchangepassword AJAX route. The plugin hooks this endpoint via wpajax and...

8.8CVSS0.00204EPSS
Exploits0References5
NVD
NVD
added 2025/09/09 9:15 a.m.28 views

CVE-2025-59018

Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive information without having access...

7.1CVSS0.00266EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/09 9:1 a.m.3 views

CVE-2025-59018 Information Disclosure in Workspaces Module

Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive information without having access...

7.1CVSS5.9AI score0.00266EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/16 12:0 a.m.11 views

PT-2024-10850 · Motopress · The Timetable/Event Schedule By Motopress

Name of the Vulnerable Software and Affected Versions: The Timetable and Event Schedule by MotoPress plugin for WordPress versions up to, and including, 2.3.8 Description: The issue is related to a missing capability check on the wp ajax route url function called via a nopriv AJAX action. This...

9.8CVSS7.3AI score0.00403EPSS
Exploits0References10
Rows per page
Query Builder