318 matches found

EUVD
added 2025/10/03 8:7 p.m. | 9 views

EUVD-2022-43036

Malicious code in bioql PyPI...

6.5 CVSS | 6.5 AI score | 0.00356 EPSS
Exploits 2 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 11 views

EUVD-2025-18629

Malicious code in bioql PyPI...

9.8 CVSS | 6.4 AI score | 0.02904 EPSS
Exploits 0 | References 6

Cvelist
added 2025/09/18 9:31 a.m. | 44 views

CVE-2025-8565 Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.4.3 - Missing Authorization to Authenticated (Contributor+) Arbitrary Plugin Installation

The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the wplpgdprinstallpluginajaxhandler function in all versions up to, and including, 3.4.3...

8.1 CVSS | 0.00257 EPSS
Exploits 0 | References 2

Vulnrichment
added 2025/09/18 9:31 a.m. | 3 views

CVE-2025-8565 Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.4.3 - Missing Authorization to Authenticated (Contributor+) Arbitrary Plugin Installation

The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the wplpgdprinstallpluginajaxhandler function in all versions up to, and including, 3.4.3...

8.1 CVSS | 4.8 AI score | 0.00257 EPSS
Exploits 0 | References 2

Patchstack
added 2025/08/20 10:43 p.m. | 5 views

WordPress Inspiro plugin <= 2.1.2 - Cross-Site Request Forgery to Arbitrary Plugin Installation vulnerability

Cross-Site Request Forgery to Arbitrary Plugin Installation vulnerability discovered by Dmitrii Ignatyev in WordPress Theme Inspiro versions <= 2.1.2...

8.1 CVSS | 7 AI score | 0.00199 EPSS
Exploits 0 | References 1 | Affected Software 1

RedhatCVE
added 2025/08/14 7:28 a.m. | 3 views

CVE-2025-8418

The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1.1.30. This is due to missing capability checks on the activated_plugin function. This makes it possible for authenticated attackers, with...

8.8 CVSS | 7.9 AI score | 0.00548 EPSS
Exploits 0 | References 1

CVE
added 2025/08/12 6:42 a.m. | 22 views

CVE-2025-8418

CVE-2025-8418 : B Slider – Gutenberg Slider Block for WP (WordPress) is vulnerable up to version 1.1.30 due to missing capability checks on the activated_plugin function. Authenticated users with subscriber-level access or higher can install arbitrary plugins, potentially enabling remote code exe...

8.8 CVSS | 7.8 AI score | 0.00548 EPSS
Exploits 0 | References 3

Cvelist
added 2025/08/12 6:42 a.m. | 7 views

CVE-2025-8418 B Slider- Gutenberg Slider Block for WP <= 1.1.30 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Plugin Installation

The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1.1.30. This is due to missing capability checks on the activated_plugin function. This makes it possible for authenticated attackers, with...

8.8 CVSS | 0.00548 EPSS
Exploits 0 | References 3

CNNVD
added 2025/08/12 12:0 a.m. | 3 views

WordPress plugin B Slider- Gutenberg Slider Block for WP Security Vulnerability

WordPress B Slider - Gutenberg Slider Block for WP plugin is a core editor plugin that comes with WordPress and is part of the Gutenberg editor that was introduced in WordPress version 5.9. A code execution vulnerability exists in WordPress B Slider- Gutenberg Slider Block for WP plugin, which...

8.8 CVSS | 7.5 AI score | 0.00548 EPSS
Exploits 0 | References 3

Positive Technologies
added 2025/08/12 12:0 a.m. | 4 views

PT-2025-32631 · WordPress · B Slider- Gutenberg Slider Block

Name of the Vulnerable Software and Affected Versions: B Slider- Gutenberg Slider Block for WP plugin for WordPress versions up to and including 1.1.30 Description: The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to arbitrary plugin installation due to missing...

8.8 CVSS | 7 AI score | 0.00548 EPSS
Exploits 0 | References 10

NVD
added 2025/08/10 4:15 a.m. | 8 views

CVE-2025-52136

In EMQX before 5.8.6, administrators can install arbitrary novel plugins via the Dashboard web interface. NOTE: the Supplier's position is that this is the intended behavior; however, 5.8.6 adds a defense-in-depth feature in which a plugin's acceptability for later Dashboard installation is set b...

3 CVSS | 0.00257 EPSS
Exploits 0 | References 3

Packet Storm News
added 2025/08/04 12:0 a.m. | 9 views

WordPress Alone Theme 7.8.3 Arbitrary Plugin Upload

WordPress Alone Theme versions 7.8.3 and below suffer from an arbitrary plugin upload vulnerability...

9.8 CVSS | 7.2 AI score | 0.47809 EPSS
Exploits 3

NVD
added 2025/06/18 8:15 a.m. | 12 views

CVE-2025-1562

The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the installoractivateaddonplugins function and a weak nonce hash in all...

9.8 CVSS | 0.02904 EPSS
Exploits 0 | References 6

OSV
added 2025/06/18 8:15 a.m. | 2 views

CVE-2025-1562

The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the installoractivateaddonplugins function and a weak nonce hash in all...

9.8 CVSS | 5.7 AI score
Exploits 0 | References 6

Cvelist
added 2025/06/18 7:22 a.m. | 17 views

CVE-2025-1562 Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit <= 3.5.3 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation

The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the installoractivateaddonplugins function and a weak nonce hash in all...

9.8 CVSS | 0.02904 EPSS
Exploits 0 | References 6

CNNVD
added 2025/06/18 12:0 a.m. | 6 views

WordPress plugin Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

9.8 CVSS | 5.9 AI score | 0.02904 EPSS
Exploits 0 | References 6

RedhatCVE
added 2025/05/23 2:58 a.m. | 7 views

CVE-2023-1087

The WC Sales Notification WordPress plugin before 1.2.3 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

4.3 CVSS | 7.8 AI score | 0.00252 EPSS
Exploits 2 | References 1

RedhatCVE
added 2025/05/23 1:20 a.m. | 8 views

CVE-2022-3882

The Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin WordPress plugin before 2.46 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.o...

6.5 CVSS | 6.8 AI score | 0.00327 EPSS
Exploits 2 | References 1

RedhatCVE
added 2025/05/22 11:15 p.m. | 5 views

CVE-2022-3881

The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log WordPress plugin before 3.43 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and...

5.7 CVSS | 5.7 AI score | 0.00438 EPSS
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 9:4 p.m. | 24 views

CVE-2021-24356

In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activateplugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites...

8.8 CVSS | 6.6 AI score | 0.02997 EPSS
Exploits 3 | References 1