Lucene search
K

241 matches found

CNNVD
CNNVD
added 2026/02/11 12:0 a.m.10 views

WordPress plugin Pix para Woocommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

6.5CVSS5.8AI score0.00307EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.4 views

PT-2026-6034

Name of the Vulnerable Software and Affected Versions ProfileGrid – User Profiles, Groups and Communities plugin for WordPress versions through 5.9.7.2 Description The ProfileGrid plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This is due to the update user meta...

5.3CVSS5.4AI score0.00315EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/01/25 12:0 a.m.12 views

PT-2026-4645

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it...

4.3CVSS5.6AI score0.00196EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/14 5:28 a.m.3 views

CVE-2025-14854 WP-CRM System – Manage Clients and Projects <= 3.4.5 - Missing Authorization to Authenticated (Subscriber+) CRM Data Exposure and Task Modification

The WP-CRM System plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on the wpcrmgetemailrecipients and wpcrmsystemajaxtaskchangestatus AJAX functions in all versions up to, and including, 3.4.5. This makes it possible for authenticated attackers, with...

5.4CVSS5.1AI score0.00222EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/14 5:28 a.m.30 views

CVE-2025-14854 WP-CRM System – Manage Clients and Projects <= 3.4.5 - Missing Authorization to Authenticated (Subscriber+) CRM Data Exposure and Task Modification

The WP-CRM System plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on the wpcrmgetemailrecipients and wpcrmsystemajaxtaskchangestatus AJAX functions in all versions up to, and including, 3.4.5. This makes it possible for authenticated attackers, with...

5.4CVSS0.00222EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 10:46 a.m.6 views

CVE-2022-0814

The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections...

9.8CVSS7.5AI score0.09495EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:18 a.m.5 views

CVE-2025-12449

The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data and disclosure of sensitive information due to missing capability checks on multiple AJAX actions in all versions up to, and including, 2.4.0. This makes it possible for authenticated...

5.4CVSS5AI score0.00227EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.3 views

WordPress plugin SVG Map Plugin 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site reques...

6.1CVSS6.5AI score0.00115EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.3 views

WordPress plugin aBlocks 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

5.4CVSS6.1AI score0.00227EPSS
Exploits0References4
CNVD
CNVD
added 2025/12/16 12:0 a.m.5 views

WordPress Upload.am Arbitrary Option Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. An arbitrary option disclosure vulnerability exists in WordPress Upload.am, which stems from a lack of capability checking by the AJAX request processor, which can be...

4.9CVSS6.3AI score0.00235EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/13 4:31 a.m.27 views

CVE-2025-14395 Popover Windows <= 1.2 - Missing Authorization to Authenticated (Subscriber+) Popover Configuration Update via AJAX Actions

The Popover Windows plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple ajax actions e.g., popsubmit, popthemesubmit in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with subscriber-lev...

4.3CVSS0.00158EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/12 6:0 a.m.40 views

CVE-2025-10684 Construction Light < 1.6.8 - Subscriber+ Arbitrary Plugin Activation

The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF when activating via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary...

0.00102EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.3 views

WordPress plugin Construction Light 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

4.3CVSS6.6AI score0.00102EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/06 6:58 a.m.12 views

CVE-2025-12093

The Voidek Employee Portal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.7. This makes it possible for unauthenticated attackers to perform several actions like registering an account,...

5.3CVSS5.9AI score0.00236EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/02 12:0 a.m.7 views

WordPress plugin db-access 安全漏洞

WordPress db-access is the core part of the WordPress system that interacts with the database. WordPress db-access exists SQL injection vulnerability, the vulnerability stems from the lack of authorization for AJAX operations, an attacker can use this vulnerability by sending malicious SQL comman...

7.7CVSS7.9AI score0.00274EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/11/26 12:0 a.m.4 views

WordPress plugin TAX SERVICE Electronic HDM 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A lack of authorization vulnerability exists in WordPress TAX SERVICE Electronic HDM, which stems from a lack of authorization and CSRF checks in AJAX operations. An attacker...

8.6CVSS6.5AI score0.00155EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/19 12:0 a.m.8 views

PT-2025-47428

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'directorist prepare listings export file' and 'directorist type slug change' AJAX actions in all versions up to, a...

6.5CVSS5.2AI score0.00172EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/11 7:48 p.m.4 views

CVE-2025-47773

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is edited via an AJAX call. Versions 2.7.13 and 3.2.2 protect rendered HTML content...

8.8CVSS6AI score0.00194EPSS
Exploits0References1
Fedora
Fedora
added 2025/11/05 2:3 a.m.5 views

[SECURITY] Fedora 42 Update: openapi-python-client-0.26.2-6.fc42

The openapi-python-client is a powerful tool designed to generate modern Python clients from OpenAPI 3.0+ documents supporting both synchronous and asynchronous HTTP requests. It automates the creation of Python classes and methods that correspond to the endpoints and schema defined in your OpenA...

6.9AI score
Exploits0
Fedora
Fedora
added 2025/11/03 1:7 a.m.7 views

[SECURITY] Fedora 42 Update: openapi-python-client-0.26.2-4.fc42

The openapi-python-client is a powerful tool designed to generate modern Python clients from OpenAPI 3.0+ documents supporting both synchronous and asynchronous HTTP requests. It automates the creation of Python classes and methods that correspond to the endpoints and schema defined in your OpenA...

8.1CVSS6.9AI score0.00688EPSS
Exploits1
Rows per page
Query Builder