Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.9 views

CVE-2026-7651

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.5. This is due to missing...

5.3CVSS5.6AI score0.0035EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/24 8:24 a.m.5 views

EUVD-2025-35806

The Microsoft Azure Storage for WordPress plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Deletion in all versions up to, and including, 4.5.1. This is due to missing capability checks on the 'azure-storage-media-replace' AJAX action. This makes it possible for authenticated...

5.4CVSS5.2AI score0.00247EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/10/24 8:24 a.m.9 views

CVE-2025-10749 Microsoft Azure Storage for WordPress <= 4.5.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Media Deletion

The Microsoft Azure Storage for WordPress plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Deletion in all versions up to, and including, 4.5.1. This is due to missing capability checks on the 'azure-storage-media-replace' AJAX action. This makes it possible for authenticated...

5.4CVSS0.00247EPSS
Exploits0References4
CVE
CVE
added 2024/08/29 3:30 a.m.57 views

CVE-2024-5857

CVE-2024-5857 affects Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free (WordPress). A missing capability check on the af2_handel_file_remove AJAX action in all versions up to 3.7.3.2 allows unauthenticated attackers to delete arbitrary media files. C...

5.3CVSS5.6AI score0.00317EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/29 3:30 a.m.17 views

CVE-2024-5857 Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Deletion

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the af2handelfileremove AJAX action in all versions up to, and including, 3.7.3.2. This makes it...

5.3CVSS5.2AI score0.00317EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/29 3:30 a.m.35 views

CVE-2024-5857 Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Deletion

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the af2handelfileremove AJAX action in all versions up to, and including, 3.7.3.2. This makes it...

5.3CVSS0.00317EPSS
Exploits0References2
Rows per page
Query Builder