Lucene search
K

68 matches found

NVD
NVD
added 7 hours ago8 views

CVE-2026-13454

The MotoPress Appointment Booking plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 2.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS
Exploits0References6
CVE
CVE
added 9 hours ago8 views

CVE-2026-13454

CVE-2026-13454 affects MotoPress Appointment Booking for WordPress (

6.5CVSS5.8AI score
Exploits0References6
EUVD
EUVD
added 6 days ago4 views

EUVD-2026-39179

GitLab has remediated an issue in GitLab EE affecting all versions from 17.9 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with custom role permissions to view, create, or delete protected environment configuratio...

3.8CVSS5.9AI score0.00201EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-52194

Name of the Vulnerable Software and Affected Versions GitLab EE versions 17.9 through 18.11.5 GitLab EE versions 19.0 through 19.0.2 GitLab EE versions 19.1 through 19.1.0 Description An incorrect authorization issue exists where an authenticated user with custom role permissions can view, create...

3.8CVSS5.8AI score0.00201EPSS
Exploits0References9
NVD
NVD
added 2026/06/22 6:16 a.m.14 views

CVE-2026-8157

The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a custom Vitepos WordPress plugin before 3.4.2 role to escalate privileges to administrator...

8.8CVSS0.00237EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 6:0 a.m.32 views

CVE-2026-8157 Vitepos < 3.4.2 - Outlet Manager+ Privilege Escalation

The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a custom Vitepos WordPress plugin before 3.4.2 role to escalate privileges to administrator...

0.00237EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 6:0 a.m.12 views

CVE-2026-8157

The CVE-2026-8157 entry concerns the Vitepos WordPress plugin, specifically versions before 3.4.2. The vulnerability arises from improper access control in a REST API endpoint used to create new users: authenticated users with a custom Vitepos role can bypass restrictions and elevate their privil...

8.8CVSS5.8AI score0.00237EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/18 3:41 a.m.20 views

CVE-2026-12407 E2Pdf <= 1.32.26 - Missing Authorization to Authenticated (Custom+) Arbitrary Option Update / Privilege Escalation via 'screen_action' Parameter

The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.32.26. This is due to the screenaction function lacking a dedicated capability check and nonce verification — when invoked via the ?action=screen routing path...

8.8CVSS0.00387EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/15 9:30 p.m.9 views

EUVD-2025-210157

Custom role Insecure Direct Object References IDOR in Projectopia = 5.1.25.2 versions...

7.5CVSS5.2AI score0.00287EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:16 p.m.6 views

CVE-2026-42661

Custom role Path Traversal in WP Customer Area = 8.3.4 versions...

8.8CVSS0.00371EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.10 views

CVE-2025-59133

Custom role Insecure Direct Object References IDOR in Projectopia = 5.1.25.2 versions...

7.5CVSS0.00287EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.6 views

EUVD-2026-36826

Custom role Path Traversal in WP Customer Area = 8.3.4 versions...

8.8CVSS5.2AI score0.00371EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:17 p.m.24 views

CVE-2025-59133 WordPress Projectopia plugin <= 5.1.25.2 - Insecure Direct Object References (IDOR) vulnerability

Custom role Insecure Direct Object References IDOR in Projectopia = 5.1.25.2 versions...

7.5CVSS0.00287EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49347

Custom role Insecure Direct Object References IDOR in Projectopia = 5.1.25.2 versions...

7.5CVSS5.2AI score0.00287EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.8 views

PT-2026-49452

Custom role Path Traversal in WP Customer Area = 8.3.4 versions...

8.8CVSS5.2AI score0.00371EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/29 2:48 p.m.4 views

CVE-2026-7106

The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 1.0.0. This is due to insufficient authorization checks in the hscrmsaveuserroles function, which is hooked to the personaloptionsupdate action accessible by any...

8.8CVSS5.2AI score0.00307EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/04/27 10:19 a.m.5 views

WordPress Highland Software Custom Role Manager plugin <= 1.0.0 - Authenticated (Subscriber+) Privilege Escalation vulnerability

Authenticated Subscriber+ Privilege Escalation vulnerability discovered by Herc Bandiola in WordPress Plugin Highland Software Custom Role Manager versions = 1.0.0...

8.8CVSS5.2AI score0.00307EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/27 3:16 a.m.5 views

CVE-2026-7106

The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 1.0.0. This is due to insufficient authorization checks in the hscrmsaveuserroles function, which is hooked to the personaloptionsupdate action accessible by any...

8.8CVSS0.00307EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/04/27 2:26 a.m.5 views

CVE-2026-7106

The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 1.0.0. This is due to insufficient authorization checks in the hscrmsaveuserroles function, which is hooked to the personaloptionsupdate action accessible by any...

8.8CVSS5.2AI score0.00307EPSS
Exploits0References9
CVE
CVE
added 2026/04/27 2:26 a.m.22 views

CVE-2026-7106

The vulnerability CVE-2026-7106 affects the Highland Software Custom Role Manager plugin for WordPress (versions up to and including 1.0.0). The root cause is insufficient authorization checks in the hscrm_save_user_roles() function, hooked to the personal_options_update action. This action is ac...

8.8CVSS5.2AI score0.00307EPSS
Exploits0References8
Rows per page
Query Builder