Lucene search
K

102 matches found

Nuclei
Nuclei
added yesterday15 views

ShortCode Addons - Unauthenticated Options Update

WordPress plugin Shortcode Addons = 3.0.2 contains an unauthenticated arbitrary option update caused by insufficient access controls in the plugin, letting attackers modify options without authentication. id: CVE-2022-34487 info: name: ShortCode Addons - Unauthenticated Options Update author:...

9.8CVSS6.2AI score0.02654EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday12 views

10Web Booster < 2.24.18 - Unauthenticated Arbitrary Option Deletion

The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service. id: CVE-2023-5559 info: name: 10Web Booster 2.24.18 - Unauthenticated Arbitra...

9.1CVSS7.3AI score0.02811EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday19 views

Pinterest Automatic < 4.14.4 - Unauthenticated Arbitrary Options Update

The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wppinterestautomaticparserequest' function and the 'processform.php' script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated attackers to...

9.8CVSS7.2AI score0.04528EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/24 5:33 a.m.8 views

EUVD-2026-38664

The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary Options Update in all versions up to and including 0.0.31. This is due to a missing capability check in the ncsetOption function, which is exposed via the nc.setOption XML-RPC method. The function authenticates the us...

8.8CVSS5.8AI score0.00463EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/18 3:41 a.m.21 views

CVE-2026-12407 E2Pdf <= 1.32.26 - Missing Authorization to Authenticated (Custom+) Arbitrary Option Update / Privilege Escalation via 'screen_action' Parameter

The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.32.26. This is due to the screenaction function lacking a dedicated capability check and nonce verification — when invoked via the ?action=screen routing path...

8.8CVSS0.00387EPSS
Exploits0References10
Patchstack
Patchstack
added 2026/06/17 2:55 p.m.6 views

WordPress E2Pdf – Export Pdf Tool for WordPress plugin <= 1.32.26 - Missing Authorization to Authenticated (Custom+) Arbitrary Option Update / Privilege Escalation vulnerability

Missing Authorization to Authenticated Custom+ Arbitrary Option Update / Privilege Escalation vulnerability discovered by endy in WordPress Plugin e2pdf versions = 1.32.26...

8.8CVSS5.3AI score0.00387EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/17 6:44 a.m.69 views

CVE-2026-6441 Canto <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Setting Modification

The Canto plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 3.1.1. This is due to the absence of any capability check or nonce verification in the updateOptions function, which is exposed via two AJAX hooks: wpajaxupdateOptions class-canto.php line 231 an...

4.3CVSS0.00282EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/04/17 6:44 a.m.4 views

CVE-2026-6441 Canto <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Setting Modification

The Canto plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 3.1.1. This is due to the absence of any capability check or nonce verification in the updateOptions function, which is exposed via two AJAX hooks: wpajaxupdateOptions class-canto.php line 231 an...

4.3CVSS5.7AI score0.00282EPSS
Exploits0References7
CVE
CVE
added 2026/02/09 11:23 p.m.19 views

CVE-2026-0845

The CVE affects the WordPress ecosystem: WCFM – Frontend Manager for WooCommerce with the Bookings Subscription Listings Compatible plugin for WordPress. It has a missing capability check in WCFM_Settings_Controller::processing across all versions up to and including 6.7.24, allowing authenticate...

7.2CVSS5.7AI score0.00436EPSS
Exploits0References4
CNVD
CNVD
added 2025/12/16 12:0 a.m.5 views

WordPress Upload.am Arbitrary Option Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. An arbitrary option disclosure vulnerability exists in WordPress Upload.am, which stems from a lack of capability checking by the AJAX request processor, which can be...

4.9CVSS6.3AI score0.00235EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/02 11:40 p.m.10 views

WordPress Upload.am plugin < 1.0.1 - Contributor+ Arbitrary Option Disclosure vulnerability

Contributor+ Arbitrary Option Disclosure vulnerability discovered by Beatriz Fresno Naumova beafn28 in WordPress Plugin Upload.am versions 1.0.1...

4.9CVSS6.7AI score0.00235EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.7 views

PT-2025-48709

CVE-2025-12630 The https://t.co/qJXADBHssq WordPress plugin before 1.0.1 is vulnerable to arbitrary option disclosure due to a missing capability check on its AJAX request handler, allowing user… https://t.co/IEMrlN1EhJ...

4.9CVSS6.6AI score0.00235EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.12 views

EUVD-2015-3672

Malware in sbrugna...

7.5CVSS7.6AI score0.03488EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2021-34630

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00385EPSS
Exploits1References5
CVE
CVE
added 2025/06/07 4:37 a.m.70 views

CVE-2025-47601

CVE-2025-47601 concerns the WordPress MaxiBlocks plugin. Affected software: MaxiBlocks versions up to 2.1.0 (listed as n/a through 2.1.0). Root cause: Missing authorization enables privilege escalation. CVSSv3.1 base score 8.8 (High); attack vector Network, authentication required Low, user inter...

8.8CVSS5.9AI score0.00277EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/07 4:37 a.m.21 views

CVE-2025-47601 WordPress MaxiBlocks plugin <= 2.1.0 - Arbitrary Option Update to Privilege Escalation vulnerability

Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks maxi-blocks allows Privilege Escalation.This issue affects MaxiBlocks: from n/a through = 2.1.0...

8.8CVSS0.00277EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:57 a.m.13 views

CVE-2023-6700

The Cookie Information | Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler in versions up to, and including, 2.0.22. This makes it possible for authenticated attackers, with subscriber-level acce...

8.8CVSS6.5AI score0.0147EPSS
Exploits2References1
CVE
CVE
added 2025/05/01 4:22 a.m.68 views

CVE-2025-3952

CVE-2025-3952: Projectopia – WordPress Project Management plugin (versions

8.1CVSS6.6AI score0.00361EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/26 6:0 a.m.9 views

CVE-2025-2907 Order Delivery Date Pro for WooCommerce < 12.3.1 - Unauthenticated Arbitrary Option Update

The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore it also lacks proper checks to only update options relevant to the Order Delivery Date WordPress plugin before 12.3.1. This leads to attackers being able to modi...

6.8AI score0.01286EPSS
Exploits2References1
NVD
NVD
added 2025/04/19 6:15 a.m.15 views

CVE-2025-2111

The Insert Headers And Footers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on the 'custompluginsetoption' function. This makes it possible for unauthenticated attackers to update...

7.5CVSS0.00204EPSS
Exploits0References4
Rows per page
Query Builder