Lucene search
K

4 matches found

SUSE CVE
SUSE CVE
added 2026/03/11 5:37 p.m.2 views

SUSE CVE-2025-3063

The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajaxcallbackupdatesaoption function in versions 2.0 to 2.1. This makes it possible for authenticated attackers, with...

8.8CVSS5.9AI score0.00356EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/11 6:31 a.m.9 views

EUVD-2026-11097

The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an unauthenticated REST endpoint that allows any remote user to modify the option datalogicstoken without verification. This token is subsequently used for authentication in a protected endpoint that allows users to perform...

9.8CVSS5.9AI score0.0058EPSS
Exploits2References2
OSV
OSV
added 2023/03/07 3:15 p.m.5 views

CVE-2021-4331

The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 4.1.9 pro and 2.0.6 free. The plugin adds a registration form to the Elementor page builders functionality. As part of the registration form, users can choose which role to se...

8.8CVSS5.6AI score0.00885EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2022/08/25 12:0 a.m.18 views

Alphabetic Pagination < 3.0.8 - Unauthenticated Arbitrary Option Update

The plugin does not have any proper authorisation in place when updating some settings via a REST endpoint, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary option from the blog and allow registration with a...

4.2AI score
Exploits0Affected Software1
Rows per page
Query Builder