Lucene search
K

166 matches found

NVD
NVD
added 2025/12/04 7:16 a.m.4 views

CVE-2025-12782

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.9.4. This is due to the plugin not properly verifying a user's authorization in the disable function. This makes it possible for authenticated attackers,...

4.3CVSS0.00251EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/04 6:48 a.m.4 views

CVE-2025-12782 Beaver Builder – WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Builder Status Tampering

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.9.4. This is due to the plugin not properly verifying a user's authorization in the disable function. This makes it possible for authenticated attackers,...

4.3CVSS5.6AI score0.00251EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/04 6:48 a.m.24 views

CVE-2025-12782 Beaver Builder – WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Builder Status Tampering

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.9.4. This is due to the plugin not properly verifying a user's authorization in the disable function. This makes it possible for authenticated attackers,...

4.3CVSS0.00251EPSS
Exploits0References2
CVE
CVE
added 2025/12/04 6:48 a.m.10 views

CVE-2025-12782

Beaver Builder – WordPress Page Builder (Beaver Builder Lite) is affected by CVE-2025-12782 due to an authorization bypass in the disable() path that fails to properly verify user permissions. The issue affects all versions up to 2.9.4, enabling authenticated users with at least Contributor acces...

4.3CVSS5.6AI score0.00251EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.6 views

PT-2025-47983

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'deleteUserCcDraftPost' function in all versions up to, and including, 8.7.0. This makes it possible for authenticated attackers, wi...

5.4CVSS5.2AI score0.00221EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/11/19 7:26 a.m.5 views

CVE-2025-12524

The Post Type Switcher plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.0.0 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to modify the post type...

5.4CVSS5.7AI score0.0025EPSS
Exploits0References1
OSV
OSV
added 2025/11/18 3:34 p.m.6 views

GO-2025-4129 Mattermost allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL in github.com/mattermost/mattermost-server

Mattermost allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL in github.com/mattermost/mattermost-server...

5.4CVSS6.8AI score0.00163EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2025/11/18 6:43 a.m.4 views

CVE-2025-12524 Post Type Switcher <= 4.0.0 - Insecure Direct Object Reference to Authenticated (Author+) Post Type Change

The Post Type Switcher plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.0.0 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to modify the post type...

5.4CVSS5.3AI score0.0025EPSS
Exploits0References6
Snyk
Snyk
added 2025/11/14 8:43 a.m.4 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the MSTeams plugin OAuth flow. An attacker can modify arbitrary posts by sending a crafted OAuth redirect URL. Remediation Upgrade...

5.4CVSS6.5AI score0.00163EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/14 8:43 a.m.3 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the MSTeams plugin OAuth flow. An attacker can modify arbitrary posts by sending a crafted OAuth redirect URL. Remediation Upgrade...

5.4CVSS6.5AI score0.00163EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/14 8:3 a.m.10 views

CVE-2025-55073 MS Teams plugin OAuth allows editing arbitrary posts

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11, 10.12.x = 10.12.0 fail to validate the relationship between the post being updated and the MSTeams plugin OAuth flow which allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL...

5.4CVSS0.00163EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/08 12:55 a.m.10 views

CVE-2025-63687

An issue was discovered in rymcu forest thru commit f782e85 2025-09-04 in function doBefore in file src/main/java/com/rymcu/forest/core/service/security/AuthorshipAspect.java, allowing authorized attackers to delete arbitrary users posts...

6.5CVSS7AI score0.00225EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/07 6:30 p.m.5 views

EUVD-2025-38289

An issue was discovered in rymcu forest thru commit f782e85 2025-09-04 in function doBefore in file src/main/java/com/rymcu/forest/core/service/security/AuthorshipAspect.java, allowing authorized attackers to delete arbitrary users posts...

6.5AI score0.00225EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/11/07 12:0 a.m.3 views

CVE-2025-63687

An issue was discovered in rymcu forest thru commit f782e85 2025-09-04 in function doBefore in file src/main/java/com/rymcu/forest/core/service/security/AuthorshipAspect.java, allowing authorized attackers to delete arbitrary users posts...

6.6AI score0.00225EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/11/07 12:0 a.m.8 views

CVE-2025-63687

An issue was discovered in rymcu forest thru commit f782e85 2025-09-04 in function doBefore in file src/main/java/com/rymcu/forest/core/service/security/AuthorshipAspect.java, allowing authorized attackers to delete arbitrary users posts...

0.00225EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/11/04 12:0 a.m.6 views

PT-2025-44943

The Ai Auto Tool Content Writing Assistant Gemini Writer, ChatGPT All in One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save post data function in versions 2.0.7 to 2.2.6. This makes it possible for authenticated attackers, wit...

4.3CVSS5.6AI score0.00178EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2006-3416

Malware in sbrugna...

7.5CVSS6.4AI score0.01507EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-6086

Malicious code in bioql PyPI...

4.3CVSS9.2AI score0.0018EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 8:27 a.m.11 views

CVE-2024-5977

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.13.0 via the 'handleRequest' function due to missing validation on a user controlled key. This makes it possible for authenticated...

5.4CVSS6.6AI score0.00428EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:41 a.m.8 views

CVE-2023-0749

The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, such as draft, private or even password protected ones...

6.5CVSS6.9AI score0.00654EPSS
Exploits2References1
Rows per page
Query Builder