Lucene search
K

96 matches found

NVD
NVD
added yesterday4 views

CVE-2026-61952

Missing Authorization vulnerability in Jose Vega WooCommerce Bulk Edit Products – WP Sheet Editor woo-bulk-edit-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Bulk Edit Products – WP Sheet Editor: from n/a through = 1.8.21...

4.9CVSS0.00331EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday16 views

CVE-2026-61952 WordPress WooCommerce Bulk Edit Products – WP Sheet Editor plugin <= 1.8.21 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jose Vega WooCommerce Bulk Edit Products – WP Sheet Editor woo-bulk-edit-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Bulk Edit Products – WP Sheet Editor: from n/a through = 1.8.21...

4.9CVSS0.00331EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-61952

Summary: CVE-2026-61952 affects the WordPress WooCommerce plugin “WooCommerce Bulk Edit Products – WP Sheet Editor” (versions up to and including 1.8.21). The issue is a broken access control due to missing authorization, enabling exploitation through insecure access control configurations. Affec...

4.9CVSS6.1AI score0.00331EPSS
Exploits0References1
CVE
CVE
added 4 days ago6 views

CVE-2026-55460

CVE-2026-55460 affects Snipe-IT (IT asset/license management system). Before version 8.6.2, an authenticated non-admin user who had rights users.view and users.edit but not users.delete could directly POST to /users/bulksave with delete_user=1 because BulkUsersController::destroy() authorized onl...

7.1CVSS6.1AI score0.00285EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 7:46 a.m.9 views

CVE-2026-6075

The Media Library Assistant plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.35 This is due to missing nonce verification on the bulk action handlers in the settings tab handlers. This makes it possible for unauthenticated attackers to trick an...

8.1CVSS5.8AI score0.00203EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/05/29 7:46 a.m.56 views

CVE-2026-6075 Media Library Assistant <= 3.35 - Cross-Site Request Forgery via Bulk Action Form

The Media Library Assistant plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.35 This is due to missing nonce verification on the bulk action handlers in the settings tab handlers. This makes it possible for unauthenticated attackers to trick an...

8.1CVSS0.00203EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/05/28 8:47 p.m.34 views

CVE-2026-45342 LinkAce: IDOR in Update Policies Allows Any Authenticated User to Overwrite Other Users' Links, Lists, Tags, and Notes

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains an Insecure Direct Object Reference vulnerability in the authorization policy layer that allows any authenticated user to modify resources owned by other users. The affected resource types are links, lists...

7.1CVSS0.00225EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 8:47 p.m.14 views

CVE-2026-45342 LinkAce: IDOR in Update Policies Allows Any Authenticated User to Overwrite Other Users' Links, Lists, Tags, and Notes

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains an Insecure Direct Object Reference vulnerability in the authorization policy layer that allows any authenticated user to modify resources owned by other users. The affected resource types are links, lists...

7.1CVSS5.8AI score0.00225EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 8:47 p.m.12 views

EUVD-2026-33056

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains an Insecure Direct Object Reference vulnerability in the authorization policy layer that allows any authenticated user to modify resources owned by other users. The affected resource types are links, lists...

7.1CVSS5.8AI score0.00225EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 8:47 p.m.20 views

CVE-2026-45342

LinkAce prior to version 2.5.6 is affected by an Insecure Direct Object Reference (IDOR) in the authorization policy layer. The root cause is in update() policy methods (LinkPolicy, LinkListPolicy, TagPolicy, NotePolicy) where access checks delegate to userCanAccessX(), which returns true for any...

7.1CVSS5.8AI score0.00225EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.14 views

PT-2026-44542

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains an Insecure Direct Object Reference vulnerability in the authorization policy layer that allows any authenticated user to modify resources owned by other users. The affected resource types are links, lists...

7.1CVSS5.8AI score0.00225EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/01 9:32 a.m.7 views

WordPress Bulk Edit Posts and Products in Spreadsheet plugin <= 2.25.16 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Bulk Edit Posts and Products in Spreadsheet versions = 2.25.16...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:18 p.m.5 views

CVE-2026-32431

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS.This issue affects Astra Bulk Edit: from n/a through = 1.2.10...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References1
CNVD
CNVD
added 2026/03/19 12:0 a.m.6 views

WordPress Plugin Astra Bulk Edit Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin Astra Bulk Edit, which stem...

6.5CVSS5.5AI score0.00161EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/13 9:31 p.m.7 views

EUVD-2026-11965

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS.This issue affects Astra Bulk Edit: from n/a through = 1.2.10...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References2
NVD
NVD
added 2026/03/13 7:55 p.m.7 views

CVE-2026-32431

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS.This issue affects Astra Bulk Edit: from n/a through = 1.2.10...

6.5CVSS0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/13 11:42 a.m.25 views

CVE-2026-32431 WordPress Astra Bulk Edit plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS.This issue affects Astra Bulk Edit: from n/a through = 1.2.10...

6.5CVSS0.00161EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/13 11:42 a.m.2 views

CVE-2026-32431 WordPress Astra Bulk Edit plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS.This issue affects Astra Bulk Edit: from n/a through = 1.2.10...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References1
CVE
CVE
added 2026/03/13 11:42 a.m.14 views

CVE-2026-32431

The CVE concerns the WordPress plugin Astra Bulk Edit (Brainstorm Force) for Astra Bulk Edit, specifically the astra-bulk-edit component. It describes a DOM-based XSS introduced by improper neutralization of input during web page generation, resulting in a Cross-Site Scripting vulnerability. Affe...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/13 11:42 a.m.2 views

CVE-2026-32431

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS.This issue affects Astra Bulk Edit: from n/a through = 1.2.10...

5.8AI score0.00161EPSS
Exploits0References2
Rows per page
Query Builder