10441 matches found
PT-2025-51929
Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 6.5.3 Description ChurchCRM is an open-source church management system. A SQL injection issue exists in the eGive.php file within the "ReImport" functionality. An authenticated user with finance privileges can execu...
HCL DevOps Deploy 安全漏洞
HCL DevOps Deploy is an application from HCL India. It can be mapped to your organizational structure using flexible team-based and role-based security models. HCL DevOps Deploy has a security vulnerability that stems from the explicit transmission of sensitive information, which could lead to th...
PT-2025-51228
The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the add images to gallery callback function in all versions up to, and including, 2.13.3. This makes it possible for authenticated attackers,...
CVE-2025-14395
The Popover Windows plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple ajax actions e.g., popsubmit, popthemesubmit in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with subscriber-lev...
CVE-2025-14446
The Popup Builder Easy Notify Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the easynotifycpreset function in all versions up to, and including, 1.1.37. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-14397
The Postem Ipsum plugin for WordPress is vulnerable to unauthorized modification of data to Privilege Escalation due to a missing capability check on the postemipsumgenerateusers function in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with...
EUVD-2025-203228
The AnnunciFunebri Impresa plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the annfuresetoptions function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and...
EUVD-2025-203234
The Popover Windows plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple ajax actions e.g., popsubmit, popthemesubmit in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with subscriber-lev...
EUVD-2025-203200
The Popup Builder Easy Notify Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the easynotifycpreset function in all versions up to, and including, 1.1.37. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-14397
The Postem Ipsum plugin for WordPress is vulnerable to unauthorized modification of data to Privilege Escalation due to a missing capability check on the postemipsumgenerateusers function in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with...
CVE-2025-11164
The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavixeducationactivateplugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level acces...
CVE-2025-14447 AnnunciFunebri Impresa <= 4.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Options Deletion
The AnnunciFunebri Impresa plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the annfuresetoptions function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and...
WordPress plugin Devs CRM – Manage tasks, attendance and teams all together 安全漏洞
WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that provides the ability to host a personal blog site on a PHP and MySQL based server. WordPress plugin Devs CRM - Manage task...
WordPress plugin AnnunciFunebri Impresa 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A security...
WordPress plugin Popup Builder (Easy Notify Lite) 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress plugin Mavix Education 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-51070
The Popover Windows plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple ajax actions e.g., pop submit, poptheme submit in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with...
EUVD-2025-202985
The Simple Theme Changer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the userthemeadmin, displaymethodadmin, and setchangethemebuttonname actions actions in all versions up to, and including, 1.0. This makes it possible for...
EUVD-2025-203016
The Flow-Flow Social Feed Stream plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flowflowsocialauth AJAX action in versions 3.0.0 to 4.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...
CVE-2025-14064
The BuddyTask plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on multiple AJAX endpoints in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...