Lucene search
K

318 matches found

Patchstack
Patchstack
added 2026/03/06 8:36 a.m.6 views

WordPress WowOptin: Next-Gen Popup Maker - Create Stunning Popups and Optins for Lead Generation plugin <= 1.4.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Installation vulnerability

WordPress WowOptin: Next-Gen Popup Maker - Create Stunning Popups and Optins for Lead Generation plugin = 1.4.24 - Missing Authorization to Authenticated Subscriber+ Arbitrary plugin Installation vulnerability discovered by WordFence in WordPress Plugin WowOptin versions = 1.4.24...

8.8CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/03/05 2:16 p.m.11 views

CVE-2026-1720

The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the 'installandactiveplugin' function in all versions up to, and including, 1.4.24. This...

8.8CVSS0.00276EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/05 1:24 p.m.4 views

CVE-2026-1720

The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the 'installandactiveplugin' function in all versions up to, and including, 1.4.24. This...

8.8CVSS6AI score0.00276EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/05 1:24 p.m.28 views

CVE-2026-1720 WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation <= 1.4.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation

The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the 'installandactiveplugin' function in all versions up to, and including, 1.4.24. This...

8.8CVSS0.00276EPSS
Exploits0References3
CVE
CVE
added 2026/02/19 4:36 a.m.17 views

CVE-2025-12975

The CVE-2025-12975 entry concerns CTX Feed – WooCommerce Product Feed Manager for WordPress (

7.2CVSS6.2AI score0.00821EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/19 4:36 a.m.3 views

CVE-2025-12975 CTX Feed – WooCommerce Product Feed Manager <= 6.6.11 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Plugin Installation

The CTX Feed – WooCommerce Product Feed Manager plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the woofeedplugininstalling function in all versions up to, and including, 6.6.11. This makes it possible for authenticated...

7.2CVSS6.2AI score0.00821EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.5 views

PT-2026-20596

Name of the Vulnerable Software and Affected Versions CTX Feed – WooCommerce Product Feed Manager plugin for WordPress versions through 6.6.11 Description The CTX Feed – WooCommerce Product Feed Manager plugin for WordPress has a flaw that allows unauthorized arbitrary plugin installation. This i...

7.2CVSS5.8AI score0.00821EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.9 views

WordPress plugin CTX Feed – WooCommerce Product Feed Manager 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.2CVSS6.3AI score0.00821EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/02/18 10:44 p.m.8 views

WordPress CTX Feed - WooCommerce Product Feed Manager plugin <= 6.6.11 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Plugin Installation vulnerability

WordPress CTX Feed - WooCommerce Product Feed Manager plugin = 6.6.11 - Missing Authorization to Authenticated Shop Manager+ Arbitrary Plugin Installation vulnerability discovered by DityaRA in WordPress Plugin CTX Feed versions = 6.6.11...

7.2CVSS5.5AI score0.00821EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/16 7:24 p.m.2 views

CVE-2026-2001 WowRevenue <= 2.1.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation

The WowRevenue plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'Notice::installactivateplugin' function in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with subscriber-level access and...

8.8CVSS6.6AI score0.00377EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/16 7:8 a.m.7 views

CVE-2026-1490

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS PTR record spoofing on the 'checkWithoutToken' function in all versions up to, and including, 6.71. This makes it...

9.8CVSS6.6AI score0.01157EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/15 2:22 a.m.6 views

CVE-2026-1490

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS PTR record spoofing on the 'checkWithoutToken' function in all versions up to, and including, 6.71. This makes it...

9.8CVSS6.6AI score0.01157EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/15 2:22 a.m.2 views

CVE-2026-1490 Spam protection, Honeypot, Anti-Spam by CleanTalk <= 6.71 - Authorization Bypass via Reverse DNS (PTR record) Spoofing to Unauthenticated Arbitrary Plugin Installation

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS PTR record spoofing on the 'checkWithoutToken' function in all versions up to, and including, 6.71. This makes it...

9.8CVSS6.6AI score0.01157EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/15 2:22 a.m.7 views

EUVD-2026-5835

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS PTR record spoofing on the 'checkWithoutToken' function in all versions up to, and including, 6.71. This makes it...

9.8CVSS6.6AI score0.01157EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/15 12:0 a.m.8 views

PT-2026-8222

Name of the Vulnerable Software and Affected Versions CleanTalk versions up to and including 6.71 Description The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress has a flaw that allows unauthorized Arbitrary Plugin Installation. This is due to an authorization bypass via...

9.8CVSS6.5AI score0.01157EPSS
Exploits0References20
Patchstack
Patchstack
added 2026/01/14 12:30 p.m.5 views

WordPress Dreamer Blog theme <= 1.2 - Subscriber+ Arbitrary Plugin Installation vulnerability

Subscriber+ Arbitrary Plugin Installation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Theme Dreamer Blog versions = 1.2...

9.8CVSS7AI score0.00274EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/13 11:5 p.m.7 views

WordPress Perfit WooCommerce plugin <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletion vulnerability discovered by Legion Hunter in WordPress Plugin Perfit WooCommerce versions = 1.0.1...

5.3CVSS7AI score0.00232EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/13 6:0 a.m.2 views

CVE-2025-10915 Dreamer Blog <= 1.2 - Subscriber+ Arbitrary Plugin Installation

The Dreamer Blog WordPress theme through 1.2 is vulnerable to arbitrary installations due to a missing capability check...

6.4AI score0.00274EPSS
Exploits0References1
CVE
CVE
added 2026/01/13 6:0 a.m.21 views

CVE-2025-10915

The Dreamer Blog WordPress theme (≤ 1.2) is reported to be vulnerable to arbitrary plugin installations due to a missing capability check. The CVE entry CVE-2025-10915 maps to this issue. Wordfence notes indicate the Dreamer Blog vulnerability is still unpatched, highlighting a risk of unauthoriz...

9.8CVSS6.4AI score0.00274EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/13 6:0 a.m.25 views

CVE-2025-10915 Dreamer Blog <= 1.2 - Subscriber+ Arbitrary Plugin Installation

The Dreamer Blog WordPress theme through 1.2 is vulnerable to arbitrary installations due to a missing capability check...

0.00274EPSS
Exploits0References1
Rows per page
Query Builder