13 matches found

Positive Technologies
added 2026/05/12 12:0 a.m., 23 views

PT-2026-39954

The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saab cancel booking function in all versions up to, and including, 1.0.8. The nonce check uses && AND instead of || OR...

5.3 CVSS, 5.9 AI score, 0.00228 EPSS
Exploits: 0, References: 5
RedhatCVE
added 2026/04/20 7:22 p.m., 6 views

CVE-2026-6518

The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions up to, and including, 4.1.16 via the cmpthemeupdateinstall AJAX action. This is due to the function only checking for the publishpages...

8.8 CVSS, 6.6 AI score, 0.00867 EPSS
Exploits: 0, References: 1
NVD
added 2026/01/07 12:16 p.m., 3 views

CVE-2025-12958

The Rankology SEO and Analytics Tool plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect capability check on the 'rankologycodeblock' page in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Editor-level acces...

2.7 CVSS, 0.0021 EPSS
Exploits: 0, References: 3
CNNVD
added 2025/10/26 12:0 a.m., 4 views

WordPress plugin BackWPup security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

5.3 CVSS, 6.2 AI score, 0.00254 EPSS
Exploits: 0, References: 4
EUVD
added 2025/10/18 6:30 a.m., 2 views

EUVD-2025-34954

The ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'shortpixelajaxRequest' AJAX action in all versions up to, and including, 6.3.4. This makes it possible for...

5.4 CVSS, 4.5 AI score, 0.00284 EPSS
Exploits: 0, References: 5
EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2024-44263

Malicious code in bioql PyPI...

4.3 CVSS, 6.5 AI score, 0.0028 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-26881

Malicious code in bioql PyPI...

4.3 CVSS, 6.5 AI score, 0.00211 EPSS
Exploits: 1, References: 1
EUVD
added 2025/10/03 8:7 p.m., 8 views

EUVD-2024-27487

Malicious code in bioql PyPI...

5.4 CVSS, 8.8 AI score, 0.00568 EPSS
Exploits: 1, References: 3
OSV
added 2025/07/31 12:15 p.m., 5 views

CVE-2025-8068

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to an improper capability check on the 'ajaxtrashtemplates' function in all versions up to, and including, 2.9.1. This makes it possible for authenticated attackers, wi...

4.3 CVSS, 5.9 AI score, 0.0028 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2025/05/23 10:32 a.m., 6 views

CVE-2024-7622

The Revision Manager TMC plugin for WordPress is vulnerable to unauthorized arbitrary email sending due to a missing capability check on the aajaxQuickEmailTestCallback function in all versions up to, and including, 2.8.19. This makes it possible for authenticated attackers, with subscriber-level...

4.3 CVSS, 6.6 AI score, 0.00351 EPSS
Exploits: 0, References: 1
NVD
added 2025/05/07 3:15 a.m., 17 views

CVE-2025-3921

The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handelajaxreq function in versions 1.9.1 to 7.5.2. This makes it possible for unauthenticated attackers to update arbitrary user's metadata whic...

8.2 CVSS, 0.00363 EPSS
Exploits: 0, References: 3
CVE
added 2025/04/30 5:23 a.m., 63 views

CVE-2025-3953

CVE-2025-3953 affects WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin for WordPress (versions up to 14.13.3). The flaw is a missing capability check in optionUpdater, enabling authenticated attackers with Subscriber-level access and above to modify arbitrary plugin settings. Th...

5.4 CVSS, 6.2 AI score, 0.00226 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2025/02/20 11:25 a.m., 19 views

CVE-2024-13783

The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export all plugin da...

4.3 CVSS, 6 AI score, 0.00382 EPSS
Exploits: 0, References: 1