Lucene search
K

1555 matches found

Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.11 views

PT-2026-36609

The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all versions up to, and including, 3.6.5. This is due to missing capability checks on the wp ajax pmpro stripe create webhook, wp ajax pmpro stripe delete...

7.1CVSS5.8AI score0.00247EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.6 views

PT-2026-36593

Name of the Vulnerable Software and Affected Versions Royal Addons for Elementor versions prior to 1.7.1057 Description The Royal Addons for Elementor plugin for WordPress allows unauthorized modification of data due to a missing capability check on the wpr update form action meta AJAX action. Th...

5.3CVSS5.8AI score0.00501EPSS
Exploits0References11
EUVD
EUVD
added 2026/04/22 9:31 a.m.5 views

EUVD-2026-24680

The mCatFilter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.5.2. This is due to the complete absence of nonce verification and capability checks in the computepost function, which processes settings updates. The computepost function is...

4.3CVSS5.7AI score0.00165EPSS
Exploits0References8
NVD
NVD
added 2026/04/22 9:16 a.m.8 views

CVE-2026-4119

The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers adminpost action hooks for creating tables adminpostaddtable and deleting tables adminpostdeletedbtable without implementing any capability checks via...

9.1CVSS0.00729EPSS
Exploits0References13
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.7 views

WordPress plugin Emailchef 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00261EPSS
Exploits0References1
NVD
NVD
added 2026/04/17 8:16 a.m.5 views

CVE-2026-6451

The cms-fuer-motorrad-werkstaetten plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.0.0. This is due to missing nonce validation on all eight AJAX deletion handlers: vehiclescfmwdvehicle, contactscfmwdcontact, supplierscfmwdsupplier,...

4.3CVSS0.00225EPSS
Exploits0References19
NVD
NVD
added 2026/04/17 5:16 a.m.5 views

CVE-2026-5427

The Kubio plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to and including 2.7.2. This is due to insufficient capability checks in the kubiorestpreinsertimportassets function, which is hooked to the restpreinsertposttype filter for posts, pages, templates, and template...

5.3CVSS0.00536EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.9 views

WordPress plugin Kubio 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.9AI score0.00536EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.5 views

PT-2026-33404

The Kubio plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to and including 2.7.2. This is due to insufficient capability checks in the kubio rest pre insert import assets function, which is hooked to the rest pre insert post type filter for posts, pages, templates, and...

5.3CVSS5.7AI score0.00536EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.9 views

WordPress plugin Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

5.3CVSS5.8AI score0.00283EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.10 views

PT-2026-33265

Name of the Vulnerable Software and Affected Versions Riaxe Product Customizer versions prior to 2.1.3 Description The plugin contains a privilege escalation flaw due to an unauthenticated AJAX action ''wp ajax nopriv install-imprint'' that maps to the ink pd add option function. This function...

9.8CVSS5.4AI score0.00789EPSS
Exploits0References17
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.10 views

WordPress plugin e-shot form builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.3CVSS5.8AI score0.00367EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/14 1:24 a.m.7 views

EUVD-2026-22197

The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the deletequestionanswer function in all versions up to, and including, 4.3.2.8. The plugin exposes a wprest nonce in public frontend HTML lpData to unauthenticated visitors, and...

9.1CVSS5.8AI score0.00867EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.5 views

PT-2026-32587

Name of the Vulnerable Software and Affected Versions LearnPress plugin for WordPress versions up to 4.3.2.8 Description The plugin allows unauthorized data deletion because the delete question answer function lacks a capability check. It exposes a wp rest nonce in the public frontend HTML lpData...

9.1CVSS5.7AI score0.00867EPSS
Exploits0References11
NVD
NVD
added 2026/04/10 2:16 a.m.12 views

CVE-2026-2712

The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of functionality due to missing capability checks in the receiveheartbeat function in includes/class-wp-optimize-heartbeat.php in all versions up to, and including, 4.5.0. This is due to the Heartbeat handler directly...

5.4CVSS0.00427EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/10 1:24 a.m.7 views

EUVD-2026-21248

The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.0 due to insufficient input sanitization, insufficient output escaping, and missing capabilities checks in the 'weblingadminsaveform' and 'weblingadminsavememberlist' functions...

6.4CVSS6.1AI score0.00277EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/10 1:24 a.m.4 views

EUVD-2026-21258

The Download Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the makeMediaPublic and makeMediaPrivate functions in all versions up to, and including, 3.3.51. This is due to the functions only checking for editposts capability...

4.3CVSS5.9AI score0.00373EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.8 views

WordPress plugin Download Manager 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3CVSS5.8AI score0.00373EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.9 views

PT-2026-31845

Name of the Vulnerable Software and Affected Versions WP-Optimize plugin for WordPress versions up to and including 4.5.0 Description The WP-Optimize plugin for WordPress has a flaw that allows unauthorized access to functionality. This is due to missing capability checks in the receive heartbeat...

5.4CVSS5.7AI score0.00427EPSS
Exploits0References8
EUVD
EUVD
added 2026/04/08 9:31 a.m.4 views

EUVD-2026-20102

The PZ Frontend Manager plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.6. The pzfmuserrequestactioncallback function, registered via the wpajaxpzfmuserrequestaction action hook, lacks both capability checks and nonce verification. This function...

5.3CVSS6AI score0.00319EPSS
Exploits0References8
Rows per page
Query Builder