Lucene search
+L

276 matches found

Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.11 views

PT-2026-5057

The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...

5.9AI score0.00264EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.8 views

WordPress plugin User Activity Log security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.9AI score0.00264EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/01/20 10:52 p.m.15 views

WordPress Creator LMS - The LMS for Creators, Coaches, and Trainers plugin <= 1.1.12 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update vulnerability

WordPress Creator LMS - The LMS for Creators, Coaches, and Trainers plugin = 1.1.12 - Missing Authorization to Authenticated Contributor+ Arbitrary Options Update vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin Creator LMS versions = 1.1.12...

8.8CVSS5.5AI score0.00271EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/01/20 2:26 p.m.18 views

CVE-2025-15347

The Creator LMS WordPress plugin (

8.8CVSS5.7AI score0.00271EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.7 views

WordPress plugin Creator LMS has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

8.8CVSS5.9AI score0.00271EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/12 12:0 a.m.16 views

PT-2026-2310

Name of the Vulnerable Software and Affected Versions hermes versions 0.8.1 through 0.9.0 Description hermes, a software publication automation workflow, exhibits a flaw where subcommands accept arbitrary options through the -O argument. Providing sensitive data, such as API tokens e.g., via herm...

5.9CVSS6.5AI score0.00154EPSS
Exploits0References16
Cvelist
Cvelist
added 2026/01/07 6:35 a.m.31 views

CVE-2025-14370 Quote Comments <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update

The Quote Comments plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.0. This is due to missing authorization checks in the quotecommentsaddadmin function. This makes it possible for authenticated attackers, with Subscriber-level access and above...

4.3CVSS0.00158EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.9 views

WordPress Checkout Mestres do WP for WooCommerce plugin 8.6.5 - 8.7.5 - Unauthenticated Arbitrary Options Update vulnerability

WordPress Checkout Mestres do WP for WooCommerce plugin 8.6.5 - 8.7.5 - Unauthenticated Arbitrary Options Update vulnerability discovered by kr0d in WordPress Plugin Checkout Mestres WP versions 8.6.5-8.7.5...

9.8CVSS5.5AI score0.00678EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.10 views

WordPress Email Notifications for Updates plugin <= 1.1.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by kr0d in WordPress Plugin Email Notifications for Updates versions = 1.1.6...

8.8CVSS5.5AI score0.00366EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/13 4:31 a.m.3 views

CVE-2025-14447 AnnunciFunebri Impresa <= 4.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Options Deletion

The AnnunciFunebri Impresa plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the annfuresetoptions function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS4.7AI score0.00256EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/12/13 1:5 a.m.6 views

WordPress AnnunciFunebri Impresa plugin <= 4.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Options Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary plugin Options Deletion vulnerability discovered by Legion Hunter in WordPress Plugin AnnunciFunebri Impresa versions = 4.7.0...

5.3CVSS5.5AI score0.00256EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2025/12/09 10:28 a.m.206 views

Exploit for CVE-2025-13342

CVE-2025-13342 PoC The Frontend Admin by DynamiApps plugin fo...

9.8CVSS6.4AI score0.00464EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2025/12/03 12:29 p.m.6 views

CVE-2025-13342 Frontend Admin by DynamiApps <= 3.28.20 - Unauthenticated Arbitrary Options Update

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification of arbitrary WordPress options in all versions up to, and including, 3.28.20. This is due to insufficient capability checks and input validation in the ActionOptions::run save handler. This makes it...

9.8CVSS5.6AI score0.00464EPSS
Exploits2References2
Patchstack
Patchstack
added 2025/11/24 7:22 a.m.10 views

WordPress Realty Portal plugin <= 0.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by kr0d in WordPress Plugin Realty Portal versions = 0.4.1...

8.8CVSS7AI score0.00339EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/21 7:31 a.m.2 views

CVE-2025-11985 Realty Portal <= 0.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

The Realty Portal plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'rpsavepropertysettings' function in versions 0.1 to 0.4.1. This makes it possible for authenticated attackers, with...

8.8CVSS5.7AI score0.00339EPSS
Exploits0References6
Patchstack
Patchstack
added 2025/11/17 10:6 p.m.6 views

WordPress Make Email Customizer for WooCommerce plugin <= 1.0.6 - Authenticated (Subscriber+) Arbitrary Options Update vulnerability

Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Make Email Customizer for WooCommerce versions = 1.0.6...

5.3CVSS7AI score0.0028EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/11/11 6:30 a.m.6 views

EUVD-2025-74049

The Make Email Customizer for WooCommerce WordPress plugin through 1.0.6 lacks proper authorization checks and option validation in its AJAX actions, allowing any authenticated user, such as a Subscriber, to update arbitrary WordPress options...

6.3AI score0.0028EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/11 6:0 a.m.12 views

CVE-2025-11237 Make Email Customizer for WooCommerce <= 1.0.6 - Subscriber+ Arbitrary Options Update

The Make Email Customizer for WooCommerce WordPress plugin through 1.0.6 lacks proper authorization checks and option validation in its AJAX actions, allowing any authenticated user, such as a Subscriber, to update arbitrary WordPress options...

0.0028EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/11 6:0 a.m.4 views

CVE-2025-11237 Make Email Customizer for WooCommerce <= 1.0.6 - Subscriber+ Arbitrary Options Update

The Make Email Customizer for WooCommerce WordPress plugin through 1.0.6 lacks proper authorization checks and option validation in its AJAX actions, allowing any authenticated user, such as a Subscriber, to update arbitrary WordPress options...

6.4AI score0.0028EPSS
Exploits0References1
CVE
CVE
added 2025/11/11 6:0 a.m.20 views

CVE-2025-11237

CVE-2025-11237 concerns the WordPress plugin Make Email Customizer for WooCommerce (

5.3CVSS6.4AI score0.0028EPSS
Exploits0References1
Rows per page
Query Builder