Lucene search
+L

28 matches found

nvd
nvd
added 5 days ago7 views

CVE-2026-6803

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.4.12. This is due to missing capability checks and nonce verification on AJAX actions registered under both wpajax and wpajaxnopriv hooks, as the base...

5.3CVSS0.00297EPSS
Exploits0References12
cvelist
cvelist
added 5 days ago33 views

CVE-2026-7559 Affilia <= 3.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Status Modification

The Affilia – Affiliate Program & Referral Tracking for WordPress plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.3.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00304EPSS
Exploits0References12
euvd
euvd
added 5 days ago5 views

EUVD-2026-43140

The Affilia – Affiliate Program & Referral Tracking for WordPress plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.3.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS6.1AI score0.00304EPSS
Exploits0References12
cve
cve
added 6 days ago8 views

CVE-2026-61460

Krayin CRM up to version 2.2.3 is affected by an insecure direct object reference vulnerability in LeadController, PersonController, OrganizationController, QuoteController, and ActivityController. The root cause is missing record-level ownership validation in edit, update, and destroy methods, e...

8.8CVSS6.1AI score0.0028EPSS
Exploits0References3
cve
cve
added 2026/07/08 1:49 p.m.10 views

CVE-2026-56775

CVE-2026-56775 affects n8n prior to 1.123.55, 2.25.7, and 2.26.2. The issue is an authorization vulnerability in three mutating evaluation test-run endpoints that grant state-changing actions under the workflow:read scope instead of the action-appropriate workflow:execute scope. On systems using ...

5.4CVSS6AI score0.00176EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/06/26 2:38 p.m.4 views

CVE-2026-56773 Teable - Missing Authorization in v2 REST API

Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify or delete records across bases and tables via endpoints like GET /api/v2/tables/get and POST...

8.7CVSS6AI score0.00371EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/26 12:0 a.m.13 views

PT-2026-52778

Name of the Vulnerable Software and Affected Versions Teable affected versions not specified Description The v2 REST API controller lacks @Permissions metadata on ORPC endpoints, which enables authenticated users to bypass authorization checks. This allows unauthorized reading of table schemas,...

8.8CVSS5.8AI score0.00371EPSS
Exploits0References6
cve
cve
added 2026/06/25 6:0 a.m.20 views

CVE-2026-10824

The Masteriyo LMS WordPress plugin, version before 2.2.1, has missing authorization checks in the course-progress REST API controller. This allows unauthenticated users to read and permanently delete any user’s course-progress records. The vulnerability is caused by insufficient access control in...

6.5CVSS5.8AI score0.00164EPSS
Exploits0References1
euvd
euvd
added 2026/05/26 2:8 p.m.16 views

EUVD-2026-31834

OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability that allows authenticated administrative users to execute arbitrary SQL statements against the application database via the DatabaseQuery interface. Attackers can submit malicious SQL queries through the qs parameter to the...

8.6CVSS6.2AI score0.00641EPSS
Exploits0References7
patchstack
patchstack
added 2026/05/12 3:27 p.m.11 views

WordPress Blog2Social: Social Media Auto Post & Scheduler plugin <= 8.9.0 - Missing Authorization to Authenticated (Subscriber+) Delete Arbitrary B2S Post Records vulnerability

Missing Authorization to Authenticated Subscriber+ Delete Arbitrary B2S Post Records vulnerability discovered by awhacken in WordPress Plugin Blog2Social versions = 8.9.0...

5.4CVSS5.8AI score0.00409EPSS
Exploits0References1Affected Software1
euvd
euvd
added 2026/05/12 9:31 a.m.28 views

EUVD-2026-29413

The Forms Rb plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor-level access a...

4.3CVSS5.8AI score0.00283EPSS
Exploits0References14
attackerkb
attackerkb
added 2026/05/12 7:48 a.m.12 views

CVE-2026-7050

The Forms Rb plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor-level access a...

4.3CVSS5.8AI score0.00283EPSS
Exploits0References14
cnnvd
cnnvd
added 2026/05/12 12:0 a.m.10 views

WordPress plugin Forms Rb 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00283EPSS
Exploits0References1
nvd
nvd
added 2026/02/18 10:16 p.m.7 views

CVE-2026-27181

MajorDoMo aka Major Domestic Module allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin method reads gr'mode' from $REQUEST and assigns it to $this-mode at the start of execution, making all mode-gated code paths reachable without...

8.7CVSS0.00708EPSS
Exploits1References3
euvd
euvd
added 2025/12/20 6:30 a.m.5 views

EUVD-2025-204625

The WP DB Booster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the cleanupall AJAX action. This makes it possible for unauthenticated attackers to delete database records including post...

4.3CVSS4.9AI score0.00126EPSS
Exploits0References4
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-31339

Malicious code in bioql PyPI...

5.7CVSS6.3AI score0.00298EPSS
Exploits0References8
nvd
nvd
added 2025/06/27 4:15 p.m.6 views

CVE-2025-50369

A Cross-Site Request Forgery CSRF vulnerability exists in the Manage Card functionality /mcgs/admin/manage-card.php of PHPGurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authorized admin to delete medical card records by sending a simple GET request without verifying...

6.5CVSS0.00137EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/06/27 12:0 a.m.5 views

PHPGurukul Medical Card Generation System 安全漏洞

Medical Card Generation System is a medical card generation system. The Medical Card Generation System suffers from a cross-site request forgery vulnerability that stems from the lack of CSRF protection in the Manage Card feature, which can be exploited by an attacker to send a simple GET request...

6.5CVSS6.8AI score0.00137EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/02/06 12:44 a.m.9 views

CVE-2022-3898

The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.9. This is due to missing or incorrect nonce validation on various functions including the affiliatesmenu method. This makes it possible for unauthenticated attackers t...

8.8CVSS6.4AI score0.0042EPSS
Exploits0References1
osv
osv
added 2025/02/01 8:15 a.m.4 views

CVE-2024-13429

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the 'jobenforcedelete' due to missing validation on a user controlled key. This makes it possib...

4.3CVSS5.9AI score0.00342EPSS
Exploits0References2
Rows per page
Query Builder