
118 matches found

RedhatCVE
added 2025/05/22 7:24 p.m. · 9 views

CVE-2021-25013

The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF checks on the qubelydeletesavedblock AJAX action, and does not ensure that the block to be deleted belongs to the plugin; as a result, any authenticated user, such as a subscriber, can delete arbitrary posts...

CVSS 6.5 · AI score 6.7 · EPSS 0.00429
Exploits 2 · References 1
Veracode
added 2025/05/05 2:15 a.m. · 10 views

Improper Authorization

github.com/mattermost/mattermost-server is vulnerable to improper authorization. The vulnerability is due to insufficient permission validation for the API endpoint /plugins/playbooks/api/v0/signal/keywords/ignore-thread, allowing any user or attacker to delete posts created by the Playbooks bot...

CVSS 4.3 · AI score 6.6 · EPSS 0.0023
Exploits 0 · References 4 · Affected Software 2
Snyk
added 2025/04/24 6:14 p.m. · 3 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the updateChannelAction function, which does not sufficiently check user permissions before executing a delete operation. Any user can delete posts containing actions posted by the Playbooks bot. Remediation...

CVSS 5.3 · AI score 6.9 · EPSS 0.0023
Exploits 0 · References 3
CNNVD
added 2025/03/22 12:0 a.m. · 6 views

WordPress plugin Motors – Car Dealer, Classifieds & Listing Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.3 · AI score 8.6 · EPSS 0.00288
Exploits 0 · References 5
RedhatCVE
added 2025/03/09 8:45 a.m. · 9 views

CVE-2024-12610

The School Management System for Wordpress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'mj_smgt_remove_feetype' and 'mj_smgt_remove_category_new' AJAX actions in all versions up to, and including, 93.0.0. This makes it possible for...

CVSS 5.3 · AI score 6.8 · EPSS 0.00283
Exploits 0 · References 1
OSV
added 2025/03/08 9:15 a.m. · 4 views

CVE-2024-13816

The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on multiple functions in all versions up to, and including, 2.3.6. This mak...

CVSS 5.4 · AI score 5.8 · EPSS 0.0022
Exploits 0 · References 2
NVD
added 2025/03/07 9:15 a.m. · 9 views

CVE-2024-12610

The School Management System for Wordpress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'mj_smgt_remove_feetype' and 'mj_smgt_remove_category_new' AJAX actions in all versions up to, and including, 93.0.0. This makes it possible for...

CVSS 5.3 · EPSS 0.00283
Exploits 0 · References 2
CVE
added 2025/03/07 8:21 a.m. · 45 views

CVE-2024-12610

CVE-2024-12610 affects the School Management System for Wordpress plugin for WordPress (≤ 93.0.0). Root cause: missing capability check on AJAX actions mj_smgt_remove_feetype and mj_smgt_remove_category_new, enabling unauthenticated attackers to delete arbitrary posts. Impact per sources: unautho...

CVSS 5.3 · AI score 7.1 · EPSS 0.00283
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2025/03/07 12:0 a.m. · 6 views

WordPress plugin School Management System Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPress...

CVSS 5.3 · AI score 8.8 · EPSS 0.00283
Exploits 0 · References 4
OSV
added 2025/03/04 10:15 a.m. · 5 views

CVE-2025-0958

The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 4.2.9. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary auctions, posts as well as...

CVSS 6.3 · AI score 6 · EPSS 0.00332
Exploits 0 · References 5
Positive Technologies
added 2025/02/01 12:0 a.m. · 6 views

PT-2025-2265 · WordPress · Woocommerce Support Ticket System

Name of the Vulnerable Software and Affected Versions: WooCommerce Support Ticket System plugin for WordPress versions up to, and including, 17.8 Description: The issue is related to missing capability checks on the ajax delete message, ajax get customers partial list, and ajax get admins list...

CVSS 5.4 · AI score 9.1 · EPSS 0.00229
Exploits 0 · References 9
OSV
added 2025/01/08 9:15 a.m. · 4 views

CVE-2024-12855

The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like 'sbremovead' in all versions up to, and including, 5.1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

CVSS 5.4 · AI score 5.8 · EPSS 0.00263
Exploits 0 · References 2
NVD
added 2024/12/12 5:15 a.m. · 16 views

CVE-2024-11709

The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aipostgeneratordeletePost AJAX action in all versions up to, and including, 3.5. This makes it possible for authenticated attackers, with...

CVSS 4.3 · EPSS 0.00347
Exploits 0 · References 3
CNNVD
added 2024/12/12 12:0 a.m. · 4 views

WordPress plugin AI Post Generator | AutoWriter Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.3 · AI score 8.5 · EPSS 0.00347
Exploits 0 · References 3
OSV
added 2024/11/04 3:44 p.m. · 21 views

GO-2024-3235 Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server

Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server...

CVSS 4.3 · AI score 4.8 · EPSS 0.0027
Exploits 0 · References 2
OSV
added 2024/10/29 8:15 a.m. · 5 views

CVE-2024-50052

Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to check that the origin of the message in an integration action matches with the original post metadata which allows an authenticated user to delete an arbitrary post...

CVSS 4.3 · AI score 7.8
Exploits 0 · References 1
CVE
added 2024/10/12 5:39 a.m. · 48 views

CVE-2024-9824

The ImagePress – Image Gallery WordPress plugin is affected up to version 1.2.2 by a Broken Access Control issue: missing capability checks on ip_delete_post and ip_update_post_title allow authenticated users with Subscriber+ rights to delete arbitrary posts and change post titles. Public details...

CVSS 4.3 · AI score 4.8 · EPSS 0.00322
Exploits 0 · References 4
Positive Technologies
added 2024/08/29 12:0 a.m. · 5 views

PT-2024-37150 · WordPress · Tutor Lms Pro

Name of the Vulnerable Software and Affected Versions: The Tutor LMS Pro plugin for WordPress versions up to, and including, 2.7.2 Description: The issue allows authenticated attackers with subscriber-level access and above to perform administrative actions on the site, such as deleting comments,...

CVSS 7.1 · AI score 6.8 · EPSS 0.00355
Exploits 0 · References 10
Positive Technologies
added 2024/08/01 12:0 a.m. · 5 views

PT-2024-29293 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.9.x through 9.9.0; Mattermost versions 9.5.x through 9.5.6; Mattermost versions 9.7.x through 9.7.5; Mattermost versions 9.8.x through 9.8.1. Description: The issue arises from the failure to properly validate synced posts...

CVSS 7.1 · AI score 7 · EPSS 0.00362
Exploits 0 · References 11
NVD
added 2024/05/23 7:15 a.m. · 24 views

CVE-2024-2038

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible fo...

CVSS 7.5 · AI score 7.6 · EPSS 0.00494
Exploits 0 · References 3