Lucene search
K

17 matches found

RedhatCVE
RedhatCVE
added 2026/04/16 7:22 p.m.5 views

CVE-2026-3642

The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshotformbuilderupdatefielddata AJAX handler lacks any capability checks currentusercan or nonce verification checkajaxreferer/wpverifynonce. The function is...

5.3CVSS5.7AI score0.00367EPSS
Exploits0References1
NVD
NVD
added 2026/04/15 9:16 a.m.9 views

CVE-2026-3642

The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshotformbuilderupdatefielddata AJAX handler lacks any capability checks currentusercan or nonce verification checkajaxreferer/wpverifynonce. The function is...

5.3CVSS0.00367EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/15 8:28 a.m.31 views

CVE-2026-3642 e-shot <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Form Settings Modification via AJAX

The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshotformbuilderupdatefielddata AJAX handler lacks any capability checks currentusercan or nonce verification checkajaxreferer/wpverifynonce. The function is...

5.3CVSS0.00367EPSS
Exploits0References5
CVE
CVE
added 2026/04/15 8:28 a.m.20 views

CVE-2026-3642

CVE-2026-3642 concerns the WordPress plugin e-shot form builder. It affects all versions up to and including 1.0.2, where the AJAX handler eshot_form_builder_update_field_data() lacks capability checks (current_user_can()) and nonce verification (check_ajax_referer()/wp_verify_nonce()). Registere...

5.3CVSS5.7AI score0.00367EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/15 8:28 a.m.5 views

CVE-2026-3642 e-shot <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Form Settings Modification via AJAX

The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshotformbuilderupdatefielddata AJAX handler lacks any capability checks currentusercan or nonce verification checkajaxreferer/wpverifynonce. The function is...

5.3CVSS5.7AI score0.00367EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/15 8:28 a.m.4 views

CVE-2026-3642

The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshotformbuilderupdatefielddata AJAX handler lacks any capability checks currentusercan or nonce verification checkajaxreferer/wpverifynonce. The function is...

5.3CVSS5.7AI score0.00367EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.10 views

WordPress plugin e-shot form builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.3CVSS5.8AI score0.00367EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.9 views

PT-2026-33019

The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshot form builder update field data AJAX handler lacks any capability checks current user can or nonce verification check ajax referer/wp verify nonce. The function...

5.3CVSS5.7AI score0.00367EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.6 views

CVE-2026-3546

The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshotformbuildergetaccountdata function is registered as a wpajax AJAX handler accessible to all authenticated users. The function lacks any capability che...

5.3CVSS5.8AI score0.00231EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/21 6:30 a.m.6 views

EUVD-2026-14178

The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshotformbuildergetaccountdata function is registered as a wpajax AJAX handler accessible to all authenticated users. The function lacks any capability che...

5.3CVSS5.8AI score0.00231EPSS
Exploits0References6
NVD
NVD
added 2026/03/21 4:17 a.m.6 views

CVE-2026-3546

The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshotformbuildergetaccountdata function is registered as a wpajax AJAX handler accessible to all authenticated users. The function lacks any capability che...

5.3CVSS0.00231EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/21 3:26 a.m.4 views

CVE-2026-3546 e-shot <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via API Token via 'eshot_form_builder_get_account_data' AJAX Action

The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshotformbuildergetaccountdata function is registered as a wpajax AJAX handler accessible to all authenticated users. The function lacks any capability che...

5.3CVSS5.8AI score0.00231EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:26 a.m.7 views

CVE-2026-3546

The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshotformbuildergetaccountdata function is registered as a wpajax AJAX handler accessible to all authenticated users. The function lacks any capability che...

5.3CVSS5.8AI score0.00231EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/21 3:26 a.m.28 views

CVE-2026-3546 e-shot <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via API Token via 'eshot_form_builder_get_account_data' AJAX Action

The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshotformbuildergetaccountdata function is registered as a wpajax AJAX handler accessible to all authenticated users. The function lacks any capability che...

5.3CVSS0.00231EPSS
Exploits0References5
CVE
CVE
added 2026/03/21 3:26 a.m.5 views

CVE-2026-3546

The CVE concerns the WordPress plugin e-shot form builder (≤ v1.0.2). The vulnerable component is eshot_form_builder_get_account_data(), registered as a wp_ajax_ AJAX handler accessible to all authenticated users. The function lacks capability checks (no current_user_can) and does not verify a no...

5.3CVSS5.8AI score0.00231EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.8 views

WordPress plugin e-shot form builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.3CVSS5.8AI score0.00231EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.7 views

PT-2026-26858

Name of the Vulnerable Software and Affected Versions e-shot form builder plugin for WordPress versions up to and including 1.0.2 Description The e-shot form builder plugin for WordPress is susceptible to exposure of sensitive information. The eshot form builder get account data function,...

5.3CVSS5.8AI score0.00231EPSS
Exploits0References9
Rows per page
Query Builder