
10269 matches found

OSV
added 2026/01/07 11:19 p.m. · 3 views

CVE-2026-21695 Titra API Contains Mass Assignment Vulnerability

Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint use...

CVSS 4.3 · AI score 6.6 · EPSS 0.00244
Exploits: 1 · References: 4
NVD
added 2026/01/07 12:16 p.m. · 7 views

CVE-2025-12030

The ACF to REST API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.4. This is due to insufficient capability checks in the update_item_permissions_check method, which only verifies that the current user has the edit_posts capability...

CVSS 4.3 · EPSS 0.00289
Exploits: 1 · References: 3
RedhatCVE
added 2026/01/07 9:53 a.m. · 9 views

CVE-2013-7476

The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface...

CVSS 8.8 · AI score 7.1 · EPSS 0.00674
Exploits: 0 · References: 1
RedhatCVE
added 2026/01/07 9:36 a.m. · 9 views

CVE-2019-7411

Multiple stored cross-site scripting (XSS) issues in the MyThemeShop Launcher plugin 1.0.8 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via fields as follows: 1 Title, 2 Favicon, 3 Meta Description, 4 Subscribe Form Name field label, Last name field label, Email...

CVSS 5.4 · AI score 5.4 · EPSS 0.00924
Exploits: 1 · References: 1
RedhatCVE
added 2026/01/07 9:32 a.m. · 18 views

CVE-2019-16693

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used...

CVSS 9.8 · AI score 8 · EPSS 0.04338
Exploits: 3 · References: 1
RedhatCVE
added 2026/01/07 9:31 a.m. · 7 views

CVE-2019-16694

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used...

CVSS 9.8 · AI score 8 · EPSS 0.01881
Exploits: 1 · References: 1
RedhatCVE
added 2026/01/07 9:30 a.m. · 8 views

CVE-2019-16195

Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 19.04.5 allows XSS via myAccount alias and name fields...

CVSS 6.1 · AI score 5.9 · EPSS 0.01273
Exploits: 0 · References: 1
RedhatCVE
added 2026/01/07 9:29 a.m. · 5 views

CVE-2019-12723

An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. It allows SQL Injection via the containerid and oldorder parameters to ajax/reorder.php by an unauthenticated user...

CVSS 9.8 · AI score 8.3 · EPSS 0.02021
Exploits: 0 · References: 1
RedhatCVE
added 2026/01/07 9:12 a.m. · 5 views

CVE-2025-14997

The BuddyPress Xprofile Custom Field Types plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'deletefield' function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 7.2 · AI score 7.2 · EPSS 0.00615
Exploits: 0 · References: 1
Cvelist
added 2026/01/07 8:21 a.m. · 28 views

CVE-2025-12030 ACF to REST API <= 3.3.4 - Insecure Direct Object Reference to Authenticated (Contributor+) ACF Field/Option Modification

The ACF to REST API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.4. This is due to insufficient capability checks in the update_item_permissions_check method, which only verifies that the current user has the edit_posts capability...

CVSS 4.3 · EPSS 0.00289
Exploits: 1 · References: 3
Vulnrichment
added 2026/01/07 8:21 a.m. · 7 views

CVE-2025-12030 ACF to REST API <= 3.3.4 - Insecure Direct Object Reference to Authenticated (Contributor+) ACF Field/Option Modification

The ACF to REST API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.4. This is due to insufficient capability checks in the update_item_permissions_check method, which only verifies that the current user has the edit_posts capability...

CVSS 4.3 · AI score 5.3 · EPSS 0.00289
Exploits: 1 · References: 3
CVE
added 2026/01/07 8:21 a.m. · 29 views

CVE-2025-12030

The CVE pertains to the WordPress plugin ACF to REST API, vulnerable up to version 3.3.4 due to a faulty update_item_permissions_check() that only tests the generic edit_posts capability. This permits authenticated users with Contributor-level access or higher to modify ACF fields on objects they...

CVSS 4.3 · AI score 5.3 · EPSS 0.00289
Exploits: 1 · References: 3
CNNVD
added 2026/01/07 12:00 a.m. · 9 views

WordPress plugin ACF to REST API security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 4.3 · AI score 6.3 · EPSS 0.00289
Exploits: 1 · References: 3
Positive Technologies
added 2026/01/07 12:00 a.m. · 10 views

PT-2026-2092

Name of the Vulnerable Software and Affected Versions: Titra versions 0.99.49 and below. Description: Titra is open source project time tracking software. An API has a Mass Assignment issue that allows authenticated users to inject arbitrary fields into time entries, bypassing business logic control...

CVSS 4.3 · AI score 6.6 · EPSS 0.00244
Exploits: 1 · References: 6
Positive Technologies
added 2026/01/07 12:00 a.m. · 12 views

PT-2026-1585

Name of the Vulnerable Software and Affected Versions: ACF to REST API plugin for WordPress versions through 3.3.4. Description: The ACF to REST API plugin for WordPress is affected by an Insecure Direct Object Reference issue. Insufficient capability checks in the update item permissions check meth...

CVSS 4.3 · AI score 6.1 · EPSS 0.00289
Exploits: 1 · References: 5
Patchstack
added 2026/01/06 10:46 p.m. · 10 views

WordPress ACF to REST API plugin <= 3.3.4 - Insecure Direct Object Reference to Authenticated (Contributor+) ACF Field/Option Modification vulnerability

Insecure Direct Object Reference to Authenticated (Contributor+) ACF Field/Option Modification vulnerability discovered by Kai Aizen in WordPress Plugin ACF to REST API versions <= 3.3.4...

CVSS 4.3 · AI score 7 · EPSS 0.00289
Exploits: 1 · References: 1 · Affected Software: 1
GithubExploit
added 2026/01/06 9:17 p.m. · 155 views

Exploit for CVE-2025-12030

CVE-2025-12030: Insecure Direct Object Reference in ACF to RES...

AI score 6.1 · EPSS 0.00289
Exploits: 1
CVE
added 2026/01/06 7:22 a.m. · 16 views

CVE-2025-12067

CVE-2025-12067 involves the WordPress plugin Table Field Add-on for ACF and SCF. The issue is stored XSS via Table Cell Content in versions up to 1.3.30, caused by insufficient input sanitization and output escaping. The vulnerability can be triggered by authenticated attackers with Author-level ...

CVSS 6.4 · AI score 4.7 · EPSS 0.00159
Exploits: 0 · References: 2
Cvelist
added 2026/01/06 7:22 a.m. · 29 views

CVE-2025-12067 Table Field Add-on for ACF and SCF <= 1.3.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table Cell Content

The Table Field Add-on for ACF and SCF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Cell Content in all versions up to, and including, 1.3.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 · EPSS 0.00159
Exploits: 0 · References: 2
CNNVD
added 2026/01/06 12:00 a.m. · 5 views

WordPress plugin Table Field Add-on for ACF and SCF cross-site scripting vulnerability

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based...

CVSS 6.4 · AI score 5.5 · EPSS 0.00159
Exploits: 0 · References: 2