Lucene search
+L

203 matches found

vulnrichment
vulnrichment
added 2025/12/12 3:20 a.m.3 views

CVE-2025-14170 Vimeo SimpleGallery <= 0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification

The Vimeo SimpleGallery plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 0.2. This is due to missing authorization checks on the vimeogalleryadmin function hooked to adminmenu. This makes it possible for authenticated attackers, with Subscriber-lev...

4.3CVSS5.5AI score0.00197EPSS
Exploits0References3
cve
cve
added 2025/12/12 3:20 a.m.21 views

CVE-2025-14170

CVE-2025-14170 (Vimeo SimpleGallery) : The WordPress plugin Vimeo SimpleGallery is vulnerable to Missing Authorization in all versions up to 0.2 due to missing authorization checks in vimeogallery_admin hooked to admin_menu. This allows authenticated attackers with Subscriber-level access and abo...

4.3CVSS5.5AI score0.00197EPSS
Exploits0References3
patchstack
patchstack
added 2025/12/11 8:54 p.m.8 views

WordPress Vimeo SimpleGallery plugin <= 0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Settings Modification vulnerability discovered by Legion Hunter in WordPress Plugin Vimeo SimpleGallery versions = 0.2...

5.3CVSS6.7AI score0.00197EPSS
Exploits0References1Affected Software1
euvd
euvd
added 2025/11/21 9:30 a.m.6 views

EUVD-2025-198404

The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the uipsavesiteoption function in all versions up to, and including, 3.5.08. This makes it possible for authenticate...

4.3CVSS4.8AI score0.00201EPSS
Exploits0References5
patchstack
patchstack
added 2025/11/17 11:11 p.m.11 views

WordPress Download Panel plugin <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Settings Modification vulnerability discovered by Ivan Cese in WordPress Plugin Download Panel Biggiko Team versions = 1.3.3...

4.3CVSS7AI score0.0022EPSS
Exploits0References1Affected Software1
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-48790

Malicious code in bioql PyPI...

9.8CVSS6.4AI score0.01197EPSS
Exploits0References8
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-25743

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.00579EPSS
Exploits1References2
cve
cve
added 2025/08/25 12:0 a.m.22 views

CVE-2025-29515

CVE-2025-29515 affects D-Link DSL-7740C: the DELT_file.xgi endpoint has improper access control, enabling an attacker to modify arbitrary settings in the device’s XML database, including the administrator password. Affected component is the DELT_file.xgi API, within firmware DSL7740C.V6.TR069.202...

9.8CVSS7.3AI score0.00579EPSS
Exploits1References2Affected Software1
ptsecurity
ptsecurity
added 2025/08/06 12:0 a.m.5 views

PT-2025-32015 · Unknown · Screen Management Module

Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: This issue allows setting the screen rotation direction without permission verification within the screen management module. Successful exploitation may lead to arbitrary screen orientation setting...

6.2CVSS6.3AI score0.00102EPSS
Exploits0References5
redhatcve
redhatcve
added 2025/05/22 9:37 p.m.19 views

CVE-2021-25032

The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and does not ensure that the options to be updated belong to the plugin. As a...

9.8CVSS7AI score0.06745EPSS
Exploits2References1
nvd
nvd
added 2025/04/30 6:15 a.m.27 views

CVE-2025-3953

The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpdater' function in all versions up to, and including, 14.13.3. This makes it possible for authenticated...

5.4CVSS0.00226EPSS
Exploits0References3
cvelist
cvelist
added 2025/04/30 5:23 a.m.29 views

CVE-2025-3953 WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin <= 14.13.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update

The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpdater' function in all versions up to, and including, 14.13.3. This makes it possible for authenticated...

5.4CVSS0.00226EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/02/05 11:53 a.m.9 views

CVE-2024-7950

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation in all versions up to, and including, 2.1.6 via several functions called by the 'checkFormRequest' function...

9.8CVSS7.8AI score0.01197EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/12/17 12:0 a.m.4 views

PT-2024-35444 · Unknown +1 · Ldap Account Manager +1

Name of the Vulnerable Software and Affected Versions: LDAP Account Manager LAM versions prior to 9.0 Description: LDAP Account Manager LAM is a php webfrontend for managing entries stored in an LDAP directory. In affected versions, LAM does not properly sanitize configuration values set via...

6.5CVSS6.5AI score0.0071EPSS
Exploits0References16
vulnrichment
vulnrichment
added 2024/11/01 2:18 p.m.9 views

CVE-2024-37232 WordPress Hercules Core plugin <= 6.5 - Subscriber+ Arbitrary Settings Change/Access vulnerability

Missing Authorization vulnerability in Hercules Design Hercules Core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hercules Core: from n/a through 6.5...

8.8CVSS6.9AI score0.00431EPSS
Exploits0References1
osv
osv
added 2024/09/04 3:15 a.m.10 views

CVE-2024-7950

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation in all versions up to, and including, 2.1.6 via several functions called by the 'checkFormRequest' function...

9.8CVSS6.3AI score0.01197EPSS
Exploits0References8
nvd
nvd
added 2024/09/04 3:15 a.m.39 views

CVE-2024-7950

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation in all versions up to, and including, 2.1.6 via several functions called by the 'checkFormRequest' function...

9.8CVSS0.01197EPSS
Exploits0References8
cve
cve
added 2024/09/04 2:33 a.m.70 views

CVE-2024-7950

The WP Job Portal plugin for WordPress (versions up to and including 2.1.6) is vulnerable to unauthenticated Local File Inclusion, Arbitrary Settings Update, and User Creation via functions invoked by checkFormRequest. Attackers can include and execute arbitrary PHP files on the server, potential...

9.8CVSS9.8AI score0.01197EPSS
Exploits0References8Affected Software1
vulnrichment
vulnrichment
added 2024/09/04 2:33 a.m.17 views

CVE-2024-7950 WP Job Portal <= 2.1.6 - Missing Authorization to Unauthenticated Local File Inclusion, Arbitrary Settings Update, and User Creation

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation in all versions up to, and including, 2.1.6 via several functions called by the 'checkFormRequest' function...

9.8CVSS8.1AI score0.01197EPSS
Exploits0References8
cvelist
cvelist
added 2024/09/04 2:33 a.m.47 views

CVE-2024-7950 WP Job Portal <= 2.1.6 - Missing Authorization to Unauthenticated Local File Inclusion, Arbitrary Settings Update, and User Creation

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation in all versions up to, and including, 2.1.6 via several functions called by the 'checkFormRequest' function...

9.8CVSS0.01197EPSS
Exploits0References8
Rows per page
Query Builder