Lucene search
+L

356 matches found

Vulnrichment
Vulnrichment
added 2026/02/19 4:36 a.m.5 views

CVE-2026-0912 Toret Manager <= 1.2.7 - Authenticated (Subscriber+) Arbitrary Options Update via AJAX actions

The Toret Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'trmansaveoption' function and on the 'trmansaveoptionitems' in all versions up to, and including, 1.2.7. This makes it possible...

8.8CVSS5.7AI score0.00292EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/18 1:28 p.m.6 views

CVE-2026-2608

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Contributor-level access...

4.3CVSS5.5AI score0.002EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.12 views

PT-2026-20291

Name of the Vulnerable Software and Affected Versions EmailKit – Email Customizer for WooCommerce & WP versions prior to 1.6.3 Description The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress has a flaw that allows unauthorized data modification. This is due to a missing...

4.3CVSS5.5AI score0.00245EPSS
Exploits0References6
NVD
NVD
added 2026/02/17 12:16 p.m.7 views

CVE-2026-2608

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Contributor-level access...

4.3CVSS0.002EPSS
Exploits0References3
NVD
NVD
added 2026/02/16 8:19 p.m.11 views

CVE-2026-2001

The WowRevenue plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'Notice::installactivateplugin' function in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with subscriber-level access and...

8.8CVSS0.00377EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/16 12:0 a.m.10 views

PT-2026-8384

The WowRevenue plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'Notice::install activate plugin' function in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with subscriber-level access a...

8.8CVSS6.6AI score0.00377EPSS
Exploits0References3
NVD
NVD
added 2026/02/12 4:15 a.m.10 views

CVE-2026-1537

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the loadstep function in all versions up to, and including, 5.2.6. This makes it possible for unauthenticated attackers to vie...

5.3CVSS0.00244EPSS
Exploits0References3
NVD
NVD
added 2026/02/11 5:16 p.m.5 views

CVE-2025-13391

The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO Premium plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'unicporemovefile' function in all versions up to, and including, 4.9.60. This makes it possible for...

5.8CVSS0.00189EPSS
Exploits0References2
NVD
NVD
added 2026/02/10 12:16 a.m.7 views

CVE-2026-0845

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'WCFMSettingsController::processing' function in...

7.2CVSS0.00436EPSS
Exploits0References4
CVE
CVE
added 2026/02/09 11:23 p.m.21 views

CVE-2026-0845

The CVE affects the WordPress ecosystem: WCFM – Frontend Manager for WooCommerce with the Bookings Subscription Listings Compatible plugin for WordPress. It has a missing capability check in WCFM_Settings_Controller::processing across all versions up to and including 6.7.24, allowing authenticate...

7.2CVSS5.7AI score0.00436EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/09 11:23 p.m.39 views

CVE-2026-0845 WCFM - WooCommerce Frontend Manager <= 6.7.24 - Authenticated (Shop Manager+) Arbitrary Options Update

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'WCFMSettingsController::processing' function in...

7.2CVSS0.00436EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/09 11:23 p.m.4 views

CVE-2026-0845

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'WCFMSettingsController::processing' function in...

7.2CVSS5.7AI score0.00436EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/08 1:3 p.m.16 views

CVE-2025-15476

The The Bucketlister plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bucketlisterdoadminajax function in all versions up to, and including, 0.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.5AI score0.00158EPSS
Exploits0References1
NVD
NVD
added 2026/02/05 2:16 p.m.10 views

CVE-2026-1927

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the greenshiftapppassvalidation function in all versions up to, and including, 12.6. This makes it possible for authenticated attackers, with...

5.4CVSS0.00186EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/05 1:27 p.m.4 views

CVE-2026-1927

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the greenshiftapppassvalidation function in all versions up to, and including, 12.6. This makes it possible for authenticated attackers, with...

5.4CVSS6AI score0.00186EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/04 8:25 a.m.7 views

CVE-2026-0572

The WebPurify Profanity Filter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'webpurifysaveoptions' function in all versions up to, and including, 4.0.2. This makes it possible for unauthenticated attackers to change plugin settin...

6.5CVSS5.4AI score0.00309EPSS
Exploits0References3
NVD
NVD
added 2026/01/31 5:16 a.m.14 views

CVE-2026-1431

The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbcajaxWPBCFLEXTIMELINENAV function in all versions up to, and including, 10.14.13. This makes it possible for unauthenticated attackers to retrieve booking information...

5.3CVSS0.00264EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/28 11:23 a.m.3 views

CVE-2026-1280

The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfmsendfileinemail' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded files v...

7.5CVSS5.8AI score0.00292EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/27 6:44 a.m.4 views

CVE-2025-14971 Link Invoice Payment for WooCommerce <= 2.8.0 - Missing Authorization to Unauthenticated Arbitrary Partial Payment Creation/Cancellation

The Link Invoice Payment for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createPartialPayment and cancelPartialPayment functions in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated...

5.3CVSS5.9AI score0.00297EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/25 9:16 a.m.20 views

CVE-2026-0687

The Meta-box GalleryMeta plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mbgallery' custom post type in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Author-level access and abov...

4.3CVSS5.5AI score0.00193EPSS
Exploits0References1
Rows per page
Query Builder