Lucene search
K

4 matches found

NVD
NVD
added 2026/05/27 8:16 a.m.13 views

CVE-2026-3895

The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lvcaadminajax AJAX action in all versions up to, and including, 3.9.4 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce b...

6.4CVSS0.00223EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.4 views

PT-2026-26721

The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 4.1132. The plugin exposes two AJAX handlers that, when combined, allow any authenticated user to modify admin-level plugin settings. First, the wc rb get...

5.3CVSS5.9AI score0.00236EPSS
Exploits0References7
WPVulnDB
WPVulnDB
added 2024/01/31 12:0 a.m.24 views

Cookie Information < 2.0.23 - Subscriber+ Arbitrary Options Update

Description The plugin is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler, allowing any authenticated users, such as subscriber to update arbitrary site options PoC Run the below command in the developer console of the web browser while being o...

6.5CVSS8.7AI score0.0147EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.11 views

ARI Stream Quiz <= 1.3.1 - Contributor+ Content Injection

Description The plugin is vulnerable to content injection due to improper capability checks on the quiz editing functionality in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with contributor access and above, to publish quizzes containing arbitrary...

6.5AI score0.00357EPSS
Exploits0References1
Rows per page
Query Builder