4 matches found

Cvelist
added 2026/06/10 6:0 a.m., 45 views

CVE-2026-9067 Schema & Structured Data for WP & AMP < 1.60 - Unauthenticated Arbitrary Media Upload

The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any fil...

EPSS: 0.00426
Exploits: 1, References: 1

NVD
added 2026/01/02 3:15 a.m., 6 views

CVE-2025-14047

The Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission – WP User Frontend plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'FrontendFormAjax::submitpost' function in all versions up to,...

CVSS: 5.3, EPSS: 0.00245
Exploits: 0, References: 7

Vulnrichment
added 2025/12/05 6:7 a.m., 4 views

CVE-2025-12354 Live CSS Preview <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The Live CSS Preview plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxfrontendsave' AJAX endpoint in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Subscriber-level access an...

CVSS: 4.3, AI score: 5.8, EPSS: 0.0019
Exploits: 0, References: 3

VulnCheck KEV
added 2025/09/11 12:0 a.m., 8 views

VulnCheck KEV: CVE-2022-0169

The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwgtagidbwgthumbnails0 parameter before using it in a SQL statement via the bwgfrontenddata AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL injection...

CVSS: 9.8, AI score: 5.9, EPSS: 0.74615
In wild, Exploits: 4, References: 2