9 matches found

Cvelist
added 9 hours ago, 6 views

CVE-2026-12435 Motors <= 1.4.111 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Modification via 'stm_mark_as_sold_car' Parameter

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.111. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

CVSS 4.3
Exploits: 0, References: 8

CVE
added 9 hours ago, 8 views

CVE-2026-12435

The Motors – Car Dealership & Classified Listings Plugin for WordPress is affected up to version 1.4.111 by an authorization bypass. An authenticated user with subscriber-level access can mark or unmark another user’s car listing as Sold by replaying a valid nonce from their own listing against a...

CVSS 4.3, AI score 5.9
Exploits: 0, References: 8

Vulnrichment
added 2025/12/06 5:49 a.m., 2 views

CVE-2025-13629 WP Landing Page <= 0.9.3 - Cross-Site Request Forgery to Arbitrary Post Meta Update

The WP Landing Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the 'wplpapiupdatetext' function. This makes it possible for unauthenticated attackers to update arbitrary post meta via a...

CVSS 4.3, AI score 5, EPSS 0.00126
Exploits: 0, References: 3

Cvelist
added 2025/12/06 5:49 a.m., 14 views

CVE-2025-13629 WP Landing Page <= 0.9.3 - Cross-Site Request Forgery to Arbitrary Post Meta Update

The WP Landing Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the 'wplpapiupdatetext' function. This makes it possible for unauthenticated attackers to update arbitrary post meta via a...

CVSS 4.3, EPSS 0.00126
Exploits: 0, References: 3

RedhatCVE
added 2025/05/22 9:5 p.m., 6 views

CVE-2021-24781

The Image Source Control WordPress plugin before 2.3.1 allows users with a role as low as Contributor to change arbitrary post meta fields of arbitrary posts even those they should not be able to edit...

CVSS 4.3, AI score 6.7, EPSS 0.00768
Exploits: 2, References: 1

CVE
added 2025/03/15 2:22 a.m., 69 views

CVE-2025-1657

CVE-2025-1657 concerns the Directory Listings WordPress plugin – uListing for WordPress. The Red Hat and NVD entries, plus Wordfence details, state that all versions up to and including 2.1.7 are vulnerable due to a missing capability check on the stm_listing_ajax AJAX action. This allows authent...

CVSS 8.8, AI score 7.2, EPSS 0.00403
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2023/11/28 4:31 a.m., 27 views

CVE-2023-6226 WP Shortcodes Plugin — Shortcodes Ultimate <= 5.13.3 - Insecure Direct Object Reference to Information Disclosure

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the sumeta shortcode due to missing validation on the user controlled keys 'key' and 'postid'. This makes it possible for...

CVSS 4.3, AI score 5, EPSS 0.00529
Exploits: 1, References: 3

NVD
added 2021/11/01 9:15 a.m., 12 views

CVE-2021-24781

The Image Source Control WordPress plugin before 2.3.1 allows users with a role as low as Contributor to change arbitrary post meta fields of arbitrary posts even those they should not be able to edit...

CVSS 4.3, EPSS 0.00768
Exploits: 2, References: 2

Patchstack
added 2021/10/04 12:0 a.m., 10 views

WordPress Image Source Control plugin <= 2.3.0 - Arbitrary Post Meta Value Change vulnerability

Arbitrary Post Meta Value Change vulnerability discovered by apple502j in WordPress Image Source Control plugin versions <= 2.3.0. Solution: Update the WordPress Image Source Control plugin to the latest available version, at least 2.3.1...

AI score 3.3, EPSS 0.00768
Exploits: 2, References: 3, Affected Software: 1