Lucene search
K

30 matches found

NVD
NVD
added 5 days ago7 views

CVE-2026-13459

The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS0.00333EPSS
Exploits0References12
CVE
CVE
added 5 days ago15 views

CVE-2026-13459

JetFormBuilder for WordPress (Dynamic Blocks Form Builder) is affected up to version 3.6.3 due to an authorization bypass in the get_from_db generator. Unauthenticated attackers can retrieve distinct values stored in wp_postmeta (including Woocommerce PII like _billing_email, _billing_phone, and ...

5.3CVSS5.8AI score0.00333EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/06/22 9:4 p.m.18 views

CVE-2026-56311 Capgo - Unauthenticated Cross-Tenant Disclosure via get_current_plan_max_org RPC

Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.getcurrentplanmaxorg RPC function that allows unauthenticated attackers to retrieve arbitrary organization plan limits. Attackers can call the RPC endpoint with any organization UUID using only the public Supabase...

6.9CVSS0.00265EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 9:4 p.m.7 views

CVE-2026-56311

Capgo (before 12.128.2) contains an authorization bypass in public.get_current_plan_max_org RPC that allows unauthenticated access to arbitrary organization plan limits. An attacker can call the RPC with any organization UUID using only the public Supabase key to disclose billing information (MAU...

6.9CVSS6AI score0.00265EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/07 8:59 a.m.15 views

CVE-2026-8611

The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoiceid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS5.6AI score0.00234EPSS
Exploits0References1
NVD
NVD
added 2026/06/06 5:16 a.m.15 views

CVE-2026-8611

The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoiceid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS0.00234EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.10 views

WordPress plugin Klamra Paycal for Aspaclaria 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

4.3CVSS5.6AI score0.00234EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.20 views

PT-2026-47141

The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoice id' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS5.6AI score0.00234EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/03/18 3:28 p.m.8 views

CVE-2026-2991 KiviCare – Clinic & Patient Management System (EHR) <= 4.1.2 - Unauthenticated Authentication Bypass via Social Login Token

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.1.2. This is due to the patientSocialLogin function not verifying the social provider access token before authenticating a user. This makes it...

7.3CVSS5.9AI score0.00434EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/19 4:36 a.m.26 views

CVE-2025-14294 Razorpay for WooCommerce <= 4.7.8 - Missing Authentication to Unauthenticated Order Modification

The Razorpay for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getCouponList function in all versions up to, and including, 4.7.8. This is due to the checkAuthCredentials permission callback always returning true,...

5.3CVSS0.00353EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/19 4:36 a.m.3 views

CVE-2025-14294 Razorpay for WooCommerce <= 4.7.8 - Missing Authentication to Unauthenticated Order Modification

The Razorpay for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getCouponList function in all versions up to, and including, 4.7.8. This is due to the checkAuthCredentials permission callback always returning true,...

5.3CVSS5.6AI score0.00353EPSS
Exploits0References5
EUVD
EUVD
added 2026/02/01 12:15 p.m.4 views

EUVD-2021-34763

Multiple payment terminal versions contain non-persistent cross-site scripting vulnerabilities in billing and payment information input fields. Attackers can inject malicious script code through vulnerable parameters to manipulate client-side requests and potentially execute session hijacking or...

6.4CVSS5.9AI score0.00251EPSS
Exploits0References5
NVD
NVD
added 2025/11/19 7:15 a.m.3 views

CVE-2025-13085

The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Improper Authorization leading to Sensitive Post Meta Disclosure in versions up to and including 1.3.2. This is due to missing object-level authorization checks in the resolvevariables AJAX handler. This makes it possible for...

4.3CVSS0.00207EPSS
Exploits0References5
Hacker One
Hacker One
added 2025/11/09 2:26 p.m.14 views

lemlist: Authentication Bypass in Subscription Management Endpoint

A vulnerability was identified in the subscription management functionality that allowed unauthorized access to customer billing information. The issue stemmed from insufficient authentication and authorization controls on an API endpoint. The vulnerability was classified as an Insecure Direct...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/10/29 12:0 a.m.6 views

PT-2025-44275

Name of the Vulnerable Software and Affected Versions Call Now Button versions prior to 1.5.5 Description The Call Now Button plugin for WordPress is susceptible to unauthorized data access because of a missing capability check in multiple functions. Attackers with Subscriber-level access or high...

4.3CVSS6AI score0.00246EPSS
Exploits0References10
OSV
OSV
added 2025/08/14 6:52 p.m.4 views

MAL-2025-7119 Malicious code in @billing-info/common (npm)

The package @billing-info/common was found to contain malicious code...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 9:54 p.m.14 views

CVE-2022-2429

The Ultimate SMS Notifications for WooCommerce plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.1 via the 'Export Utility' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into billing...

8CVSS7AI score0.00653EPSS
Exploits0References1
CNVD
CNVD
added 2025/03/27 12:0 a.m.10 views

Unspecified vulnerability in Lunary (CNVD-2025-06937)

Lunary is Lunary open source a production toolkit for LLM . Lunary has a security vulnerability that stems from improper privilege management, which can be exploited by an attacker to cause an administrator to bypass role controls to access billing information...

7.3CVSS6.9AI score0.00469EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.4 views

Lunary 访问控制错误漏洞

Lunary is Lunary open source a production toolkit for LLM . Lunary has a security vulnerability that stems from improper privilege management, which can be exploited by an attacker to cause an administrator to bypass role controls to access billing information...

7.3CVSS6.9AI score0.00469EPSS
Exploits1References2
OSV
OSV
added 2022/09/06 6:15 p.m.7 views

CVE-2022-2429

The Ultimate SMS Notifications for WooCommerce plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.1 via the 'Export Utility' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into billing...

8CVSS6.2AI score0.00653EPSS
Exploits0References2
Rows per page
Query Builder