Lucene search
K

1555 matches found

CVE
CVE
added 2026/04/08 6:43 a.m.10 views

CVE-2026-3477

CVE-2026-3477 concerns the PZ Frontend Manager plugin for WordPress (versions up to 1.0.6). The vulnerability stems from the AJAX handler pzfm_user_request_action_callback(), registered via wp_ajax_pzfm_user_request_action, which lacks both capability checks and nonce verification. When the reque...

5.3CVSS6AI score0.00319EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/08 12:30 a.m.5 views

EUVD-2026-19956

The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple wpajaxsmart-slider3 controller actions in all versions up to, and including, 3.5.1.33. The displayadminajax method does not call checkForCap which...

5.4CVSS5.9AI score0.00357EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/04/07 9:26 p.m.3 views

CVE-2026-4065

The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple wpajaxsmart-slider3 controller actions in all versions up to, and including, 3.5.1.33. The displayadminajax method does not call checkForCap which...

5.9AI score0.00357EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/04/07 9:26 p.m.22 views

CVE-2026-4065 Smart Slider 3 <= 3.5.1.33 - Missing Authorization to Authenticated (Contributor+) Slider Data Read and Image Record Manipulation

The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple wpajaxsmart-slider3 controller actions in all versions up to, and including, 3.5.1.33. The displayadminajax method does not call checkForCap which...

5.4CVSS0.00357EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.7 views

PT-2026-31034

The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple wp ajax smart-slider3 controller actions in all versions up to, and including, 3.5.1.33. The display admin ajax method does not call checkForCap which...

5.4CVSS5.9AI score0.00357EPSS
Exploits0References10
VulnCheck KEV
VulnCheck KEV
added 2026/03/31 12:0 a.m.175 views

VulnCheck KEV: CVE-2025-11368

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 4.2.9.4. This is due to missing capability checks in the REST endpoint /wp-json/lp/v1/loadcontentviaajax which allows arbitrary callback execution of...

5.3CVSS6AI score0.00914EPSS
In wildExploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.4 views

CVE-2026-3226

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering due to missing capability checks on all 10 functions in the SendEmailAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catchlpajax dispatcher verifies a...

4.3CVSS5.9AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.4 views

CVE-2026-3225

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the deletequestionanswer function of the EditQuestionAjax class in all versions up to, and including, 4.3.2.8. The...

4.3CVSS5.8AI score0.00262EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:10 p.m.5 views

CVE-2026-1253

The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'atomchatupdateauthajax' and 'atomchatupdatelayoutajax' functions in all versions up to, and including, 1.1.7. This makes it possible for...

5.3CVSS5.8AI score0.00285EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.3 views

CVE-2026-4063

The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the addmenuitem method hooked to adminmenu in all versions up to, and including, 4.5.8. This is due to the method performing wpinsertpost and...

4.3CVSS5.8AI score0.00207EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.3 views

CVE-2026-4004

The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'search' AJAX action in all versions up to, and including, 3.0.2. This is due to missing capability checks in the callbacksearch function and insufficient input validation that allows shortcode syntax...

6.5CVSS6.1AI score0.00254EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/26 3:37 a.m.2 views

CVE-2026-4331

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized data loss in all versions up to, and including, 8.8.2. This is due to the resetSocialMetaTags function only verifying that the user has the 'read' capability and a valid b2ssecuritynonce, both o...

4.3CVSS5.8AI score0.00248EPSS
Exploits0References11
CNVD
CNVD
added 2026/03/26 12:0 a.m.3 views

WordPress Plugin Download Manager Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. The WordPress plugin Download Manager information disclosure vulnerability, which stems from a...

4.3CVSS5.8AI score0.00222EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.8 views

PT-2026-27327

The Product Filter for WooCommerce by WBW plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check in all versions up to, and including, 3.1.2. This is due to the plugin's MVC framework dynamically registering unauthenticated AJAX handlers via wp ajax nopriv...

6.5CVSS5.8AI score0.00273EPSS
Exploits0References9
CVE
CVE
added 2026/03/23 10:25 p.m.12 views

CVE-2026-3225

The LearnPress – WordPress LMS Plugin is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in delete_question_answer() of the EditQuestionAjax class, affecting all versions up to and including 4.3.2.8. The AbstractAjax::catch_lp_ajax() dispatcher verif...

4.3CVSS5.8AI score0.00262EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/21 6:30 a.m.10 views

EUVD-2026-14150

The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'search' AJAX action in all versions up to, and including, 3.0.2. This is due to missing capability checks in the callbacksearch function and insufficient input validation that allows shortcode syntax...

6.5CVSS6.1AI score0.00254EPSS
Exploits0References8
NVD
NVD
added 2026/03/21 4:17 a.m.7 views

CVE-2026-4004

The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'search' AJAX action in all versions up to, and including, 3.0.2. This is due to missing capability checks in the callbacksearch function and insufficient input validation that allows shortcode syntax...

6.5CVSS0.00254EPSS
Exploits0References7
NVD
NVD
added 2026/03/21 4:16 a.m.3 views

CVE-2026-1253

The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'atomchatupdateauthajax' and 'atomchatupdatelayoutajax' functions in all versions up to, and including, 1.1.7. This makes it possible for...

4.3CVSS0.00285EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:26 a.m.4 views

CVE-2026-1253

The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'atomchatupdateauthajax' and 'atomchatupdatelayoutajax' functions in all versions up to, and including, 1.1.7. This makes it possible for...

5.3CVSS5.8AI score0.00285EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/21 12:31 a.m.2 views

EUVD-2026-13924

The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 4.1132. The plugin exposes two AJAX handlers that, when combined, allow any authenticated user to modify admin-level plugin settings. First, the...

5.3CVSS5.9AI score0.00236EPSS
Exploits0References7
Rows per page
Query Builder