Lucene search
K

291 matches found

Cvelist
Cvelist
added yesterday10 views

CVE-2026-61958 WordPress License Manager for WooCommerce plugin <= 3.0.17 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in Saad Iqbal License Manager for WooCommerce license-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects License Manager for WooCommerce: from n/a through = 3.0.17...

5.4CVSS0.00287EPSS
Exploits0References1
CVE
CVE
added 4 days ago9 views

CVE-2026-12685

The CVE describes a backdoor in the EscortWP escortwp WordPress theme up to version 3.6.2. The backdoor is vendor-authored and obfuscated, allowing an unauthenticated attacker who supplies a hard-coded per-build key to permanently delete all site content. It also covertly transmits the site URL, ...

7.5CVSS5.8AI score0.00222EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42830

The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator emai...

7.5CVSS6AI score0.00222EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-12685

The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator emai...

7.5CVSS6AI score0.00222EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-12685 EscortWP <= 3.6.2 - Content Deletion via Vendor-Authored Backdoor

The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator emai...

0.00222EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.16 views

CVE-2025-69134

CVE-2025-69134: WordPress OpenAI Chatbot for WordPress – Helper plugin

7.5CVSS5.8AI score0.003EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:14 a.m.38 views

CVE-2025-69134 WordPress OpenAI Chatbot for WordPress – Helper plugin <= 1.1.4 - Arbitrary Content Deletion vulnerability

Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot for WordPress – Helper = 1.1.4 versions...

7.5CVSS0.003EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.15 views

PT-2026-54964

Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot for WordPress – Helper = 1.1.4 versions...

7.5CVSS5.8AI score0.003EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/29 2:11 p.m.5 views

WordPress OpenAI Chatbot for WordPress – Helper plugin <= 1.1.4 - Arbitrary Content Deletion vulnerability

Arbitrary Content Deletion vulnerability discovered by Denver Jackson in WordPress Plugin OpenAI Chatbot for WordPress – Helper versions = 1.1.4...

7.5CVSS5.8AI score0.003EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-39433

Subscriber Arbitrary Content Deletion in WPAMS 49.5.3 versions...

6.5CVSS0.00352EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:19 p.m.10 views

CVE-2025-69103

Subscriber Arbitrary Content Deletion in Brikk = 3.0.0 versions...

7.5CVSS0.00407EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:57 p.m.11 views

CVE-2026-39433

The CVE-2026-39433 entry concerns the WordPress WPAMS plugin (Apartment Management) with versions

6.5CVSS5.2AI score0.00352EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.25 views

CVE-2026-39433 WordPress WPAMS plugin < 49.5.3 - Arbitrary Content Deletion vulnerability

Subscriber Arbitrary Content Deletion in WPAMS 49.5.3 versions...

6.5CVSS0.00352EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.14 views

PT-2026-50092

Subscriber Arbitrary Content Deletion in WPAMS 49.5.3 versions...

6.5CVSS5.2AI score0.00352EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.18 views

PT-2026-50080

Subscriber Arbitrary Content Deletion in Brikk = 3.0.0 versions...

7.5CVSS5.2AI score0.00407EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.10 views

CVE-2026-6512

The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete...

9.1CVSS5.6AI score0.00264EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/26 5:43 a.m.11 views

WordPress Brikk theme <= 3.0.0 - Arbitrary Content Deletion vulnerability

Arbitrary Content Deletion vulnerability discovered by Denver Jackson in WordPress Theme Brikk versions = 3.0.0...

5.8AI score0.00407EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/14 8:24 a.m.9 views

CVE-2026-6512

The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete...

9.1CVSS5.9AI score0.00264EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

WordPress plugin InfusedWoo Pro 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.1CVSS5.8AI score0.00264EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 5:29 a.m.10 views

CVE-2026-6965 Tutor LMS <= 3.9.9 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Post Deletion via 'course' GET Parameter

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the getcourseidby function unconditionally trusting the user-supplied course GET parameter as the authoritative course ...

5.3CVSS5.7AI score0.00304EPSS
Exploits0References53
Rows per page
Query Builder