Lucene search
+L

621 matches found

patchstack
patchstack
added 2025/09/26 10:2 a.m.10 views

WordPress WP Subscription Forms PRO Plugin <= 2.0.5 - Arbitrary Content Deletion Vulnerability

Arbitrary Content Deletion Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WP Subscription Forms PRO versions = 2.0.5...

4.3CVSS6.7AI score0.00181EPSS
Exploits0Affected Software1
cve
cve
added 2025/09/26 8:32 a.m.13 views

CVE-2025-60166

Technical details for CVE-2025-60166 are not provided in the supplied documents. The initial description notes a Missing Authorization vulnerability in WP Subscription Forms PRO

4.3CVSS5.9AI score0.00181EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/09/26 8:32 a.m.4 views

CVE-2025-60166 WordPress WP Subscription Forms PRO Plugin <= 2.0.5 - Arbitrary Content Deletion Vulnerability

Missing Authorization vulnerability in wpshuffle WP Subscription Forms PRO wp-subscription-forms-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscription Forms PRO: from n/a through = 2.0.5...

4.3CVSS5.1AI score0.00181EPSS
Exploits0References1
cvelist
cvelist
added 2025/09/26 8:32 a.m.14 views

CVE-2025-60166 WordPress WP Subscription Forms PRO Plugin <= 2.0.5 - Arbitrary Content Deletion Vulnerability

Missing Authorization vulnerability in wpshuffle WP Subscription Forms PRO wp-subscription-forms-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscription Forms PRO: from n/a through = 2.0.5...

4.3CVSS0.00181EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/09/26 8:31 a.m.2 views

CVE-2025-60106 WordPress EmailKit Plugin <= 1.6.0 - Arbitrary Content Deletion Vulnerability

Missing Authorization vulnerability in Roxnor EmailKit emailkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EmailKit: from n/a through = 1.6.0...

4.9CVSS5.9AI score0.00341EPSS
Exploits0References1
cve
cve
added 2025/09/26 8:31 a.m.11 views

CVE-2025-60106

EmailKit (WordPress) is affected by CVE-2025-60106 due to a Missing Authorization flaw that could allow Arbitrary Content Deletion. The issue applies to EmailKit versions up to and including 1.6.0. The connected resources indicate this CVE has been addressed (patched) in later releases; users sho...

4.9CVSS5.9AI score0.00341EPSS
Exploits0References1
cvelist
cvelist
added 2025/09/26 8:31 a.m.12 views

CVE-2025-59011 WordPress Traveler Theme < 3.2.3 - Arbitrary Content Deletion Vulnerability

Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through 3.2.3...

7.5CVSS0.00356EPSS
Exploits0References1
nvd
nvd
added 2025/09/23 5:15 p.m.5 views

CVE-2024-6429

A content spoofing vulnerability exists in multiple WSO2 products due to improper error message handling. Under certain conditions, error messages are passed through URL parameters without validation, allowing malicious actors to inject arbitrary content into the UI. By exploiting this...

4.3CVSS0.002EPSS
Exploits0References1
patchstack
patchstack
added 2025/09/23 12:25 p.m.7 views

WordPress Super Blank Plugin <= 1.2.0 - Arbitrary Content Deletion Vulnerability

Arbitrary Content Deletion Vulnerability discovered by Denver Jackson in WordPress Plugin Super Blank versions = 1.2.0...

8.6CVSS6.7AI score0.00271EPSS
Exploits0Affected Software1
cve
cve
added 2025/09/22 6:25 p.m.15 views

CVE-2025-59581

CVE-2025-59581 - Ibtana (WordPress Website Builder) Missing Authorization vulnerability present in Ibtana, allowing Arbitrary Content Deletion due to improper access control. Affected versions: up to 1.2.5.3 (from n/a to 1.2.5.3). Connected docs corroborate the issue as an access-control weakness...

6.5CVSS5.9AI score0.0025EPSS
Exploits0References1
cvelist
cvelist
added 2025/09/22 6:25 p.m.14 views

CVE-2025-59581 WordPress Ibtana Plugin <= 1.2.5.3 - Arbitrary Content Deletion Vulnerability

Missing Authorization vulnerability in VW THEMES Ibtana ibtana-visual-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ibtana: from n/a through = 1.2.5.3...

6.5CVSS0.0025EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/09/22 6:25 p.m.4 views

CVE-2025-59581 WordPress Ibtana Plugin <= 1.2.5.3 - Arbitrary Content Deletion Vulnerability

Missing Authorization vulnerability in VW THEMES Ibtana allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ibtana: from n/a through 1.2.5.3...

6.5CVSS6.6AI score0.0025EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/08/31 10:29 p.m.4 views

CVE-2025-55173

A vulnerability in Next.js Image Optimization allowed attacker-controlled image servers to trigger arbitrary file downloads with custom content and filenames. Exploitation required permissive images.domains or images.remotePatterns and user interaction. Binary-Affected: Next.js...

4.3CVSS6.7AI score0.00509EPSS
Exploits0References6
cve
cve
added 2025/08/29 10:0 p.m.72 views

CVE-2025-55173

CVE-2025-55173 is a vulnerability in Next.js Image Optimization: attacker-controlled external image sources could cause content injection, enabling file downloads with arbitrary content/filenames under certain configurations and potentially aiding phishing. Affected versions are Next.js before 14...

4.3CVSS6.5AI score0.00509EPSS
Exploits0References3Affected Software1
osv
osv
added 2025/08/29 9:59 p.m.2 views

GHSA-XV57-4MR9-WG8V Next.js Content Injection Vulnerability for Image Optimization

A vulnerability in Next.js Image Optimization has been fixed in v15.4.5 and v14.2.31. The issue allowed attacker-controlled external image sources to trigger file downloads with arbitrary content and filenames under specific configurations. This behavior could be abused for phishing or malicious...

4.3CVSS5.9AI score0.00509EPSS
Exploits0References6
patchstack
patchstack
added 2025/08/26 11:13 a.m.11 views

WordPress Javo Core plugin <= 3.0.0.529 - Arbitrary Content Deletion vulnerability

Arbitrary Content Deletion vulnerability discovered by Bonds in WordPress Plugin Javo Core versions = 3.0.0.529...

7.5CVSS7AI score0.00313EPSS
Exploits0Affected Software1
redhatcve
redhatcve
added 2025/08/22 6:26 p.m.19 views

CVE-2025-55746

Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary contents without changes being applied to the files'...

9.3CVSS7AI score0.00438EPSS
Exploits1References1
nvd
nvd
added 2025/08/20 6:15 p.m.53 views

CVE-2025-55746

Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary contents without changes being applied to the files'...

9.3CVSS0.00438EPSS
Exploits1References2
cve
cve
added 2025/08/20 5:58 p.m.126 views

CVE-2025-55746

Directus vulnerability (CVE-2025-55746) affects Directus real-time API/dashboard. From 10.8.0 to before 11.9.3, an issue in the file update mechanism lets an unauthenticated actor modify existing files with arbitrary content and/or upload new files (with arbitrary extensions) without updating dat...

9.3CVSS7.9AI score0.00438EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2025/08/14 10:34 a.m.13 views

CVE-2025-54679 WordPress Neon Channel Product Customizer Free Plugin <= 2.0 - Arbitrary Content Deletion Vulnerability

Missing Authorization vulnerability in vertim Neon Channel Product Customizer Free neon-channel-product-customizer-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Neon Channel Product Customizer Free: from n/a through = 2.0...

7.5CVSS0.00382EPSS
Exploits0References1
Rows per page
Query Builder