Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.3 views

CVE-2026-2720

The Hr Press Lite plugin for WordPress is vulnerable to unauthorized access of sensitive employee data due to a missing capability check on the hrp-fetch-employees AJAX action in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/23 6:59 p.m.7 views

WordPress Hr Press Lite plugin <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Employee Information Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Employee Information Exposure vulnerability discovered by WordFence in WordPress Plugin Hr Press Lite versions = 1.0.2...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/21 3:27 a.m.1 views

CVE-2026-2720 Hr Press Lite <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Employee Information Exposure

The Hr Press Lite plugin for WordPress is vulnerable to unauthorized access of sensitive employee data due to a missing capability check on the hrp-fetch-employees AJAX action in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References5
CVE
CVE
added 2026/03/21 3:27 a.m.9 views

CVE-2026-2720

The Hr Press Lite WordPress plugin is vulnerable due to a missing capability check on the hrp-fetch-employees AJAX action in all versions up to 1.0.2, allowing authenticated users with Subscriber-level access and above to fetch sensitive employee data (names, emails, phone numbers, salary/pay rat...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:27 a.m.7 views

CVE-2026-2720

The Hr Press Lite plugin for WordPress is vulnerable to unauthorized access of sensitive employee data due to a missing capability check on the hrp-fetch-employees AJAX action in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References6
Rows per page
Query Builder