Lucene search
K

8 matches found

Cvelist
Cvelist
added 2026/05/05 8:27 a.m.62 views

CVE-2026-3601 User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Limited Page Content Modification

The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the embedformaction function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with Contributor-level acce...

4.3CVSS0.003EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/05/04 7:57 p.m.15 views

WordPress User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Limited Page Content Modification vulnerability

Missing Authorization to Authenticated Contributor+ Limited Page Content Modification vulnerability discovered by Hunter Jensen skid in WordPress Plugin User Registration versions = 5.1.4...

4.3CVSS5.8AI score0.003EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/03/25 5:16 p.m.5 views

CVE-2026-25361

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in magepeopleteam WpEvently mage-eventpress allows Reflected XSS.This issue affects WpEvently: from n/a through = 5.1.4...

7.1CVSS0.0018EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/24 6:30 p.m.5 views

CVE-2025-53451

Cross-Site Request Forgery CSRF vulnerability in mihdan Mihdan: No External Links mihdan-no-external-links allows Cross Site Request Forgery.This issue affects Mihdan: No External Links: from n/a through = 5.1.6.2...

5.4CVSS5.9AI score0.00158EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/11 7:24 a.m.10 views

CVE-2025-8417 Catalog Importer, Scraper & Crawler <= 5.1.4 - Unauthenticated PHP Code Injection

The Catalog Importer, Scraper & Crawler plugin for WordPress is vulnerable to PHP code injection in all versions up to, and including, 5.1.4. This is due to reliance on a guessable numeric token e.g. ?key= 900001705 without proper authentication, combined with the unsafe use of eval on...

8.1CVSS0.00654EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/11/08 12:0 a.m.6 views

PrestaShop Authorization Issues Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts, and product image scaling. An authorization issue vulnerability exists in PrestaShop blockreassurance versions prior to 5.1.4. The...

8.1CVSS6.8AI score0.00771EPSS
Exploits0References6
CNVD
CNVD
added 2018/01/02 12:0 a.m.5 views

Ruby on Rails SQL Injection Vulnerability (CNVD-2018-01347)

Ruby on Rails is a Web application development framework written in the Ruby language. A SQL injection vulnerability exists in the 'reorder' method in Ruby on Rails 5.1.4 and earlier. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands via the 'name' parameter...

8.1CVSS8.7AI score0.01518EPSS
Exploits1References1
OSV
OSV
added 2017/12/29 4:29 p.m.4 views

DEBIAN-CVE-2017-17920

SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted...

8.1CVSS8.7AI score0.01518EPSS
Exploits1References1
Rows per page
Query Builder