151 matches found
CVE-2025-15370
The Shield: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 21.0.9 via the MfaGoogleAuthToggle class due to missing validation on a user controlled key. This makes it possible...
CVE-2025-15370
CVE-2025-15370 affects Shield: Blocks Bots, Protects Users, and Prevents Security Breaches (WordPress Shield Security plugin) up to version 21.0.9. The issue is an Insecure Direct Object Reference via MfaGoogleAuthToggle that allows authenticated attackers with Subscriber-level access and above t...
CVE-2025-15370 Shield Security <= 21.0.9 - Authenticated (Subscriber+) Insecure Direct Object Reference to Disable Google Authenticator
The Shield: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 21.0.9 via the MfaGoogleAuthToggle class due to missing validation on a user controlled key. This makes it possible...
PT-2026-3215
The Shield: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 21.0.9 via the MfaGoogleAuthToggle class due to missing validation on a user controlled key. This makes it possible...
WordPress Plugin Shield: Blocks Bots, Protects Users, and Prevents Security Breaches
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress Shield Security plugin <= 21.0.9 - Authenticated (Subscriber+) Insecure Direct Object Reference to Disable Google Authenticator vulnerability
Authenticated Subscriber+ Insecure Direct Object Reference to Disable Google Authenticator vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Shield Security versions <= 21.0.9...
CVE-2022-0229
The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog,...
CVE-2022-0875
The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks...
CVE-2025-54745
Missing Authorization vulnerability in miniOrange miniOrange's Google Authenticator miniorange-2-factor-authentication allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects miniOrange's Google Authenticator: from n/a through <= 6.1.1...
EUVD-2025-204198
Missing Authorization vulnerability in miniOrange miniOrange's Google Authenticator miniorange-2-factor-authentication allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects miniOrange's Google Authenticator: from n/a through <= 6.1.1...
CVE-2025-54745
CVE-2025-54745 concerns a Missing Authorization vulnerability in miniOrange’s Google Authenticator WordPress plugin (miniorange-2-factor-authentication) up to version 6.1.1. Connected sources confirm a Broken Access Control/Incorrectly Configured Access Control vulnerability affecting the plugin ...
CVE-2025-54745 WordPress miniOrange's Google Authenticator Plugin <= 6.1.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in miniOrange miniOrange's Google Authenticator miniorange-2-factor-authentication allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects miniOrange's Google Authenticator: from n/a through <= 6.1.1...
PT-2025-52048
Name of the Vulnerable Software and Affected Versions: miniOrange's Google Authenticator versions through 6.1.1. Description: The software contains a missing authorization issue related to incorrectly configured access control security levels. This allows for exploitation of the system...
WordPress plugin miniOranges Google Authenticator security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
EUVD-2012-6001
Malware in sbrugna...