Lucene search
K

11 matches found

NVD
NVD
added 5 days ago6 views

CVE-2026-13250

The Solace Extra plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.5.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete all...

5.3CVSS0.00273EPSS
Exploits0References8
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-43141

The Solace Extra plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.5.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete all...

5.3CVSS6.1AI score0.00273EPSS
Exploits0References8
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-13250 Solace Extra <= 1.5.3 - Missing Authorization to Unauthenticated Arbitrary Content Deletion via delete_previously_imported AJAX Action

The Solace Extra plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.5.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete all...

5.3CVSS0.00273EPSS
Exploits0References8
CVE
CVE
added 5 days ago15 views

CVE-2026-13250

Solace Extra (WordPress) up to version 1.5.3 is affected by an authorization bypass in the delete_previously_imported AJAX action. The issue allows unauthenticated users to permanently delete content imported via the Starter Template (posts, pages, media, WooCommerce products, terms, sitebuilder ...

5.3CVSS6.1AI score0.00273EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.14 views

WordPress plugin Post Snippets 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.4CVSS5.7AI score0.00244EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-43883

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00703EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/02/03 11:45 p.m.5 views

WordPress WP All Import Pro plugin < 4.9.8 - Cross-Site Request Forgery to Imported Content Deletion vulnerability

Cross-Site Request Forgery to Imported Content Deletion vulnerability discovered by ? in WordPress Plugin WP All Import Pro versions 4.9.8...

4.3CVSS7AI score0.00161EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/02/03 11:14 p.m.4 views

WordPress WP All Import plugin <= 3.7.9 - Cross-Site Request Forgery to Imported Content Deletion

Cross-Site Request Forgery to Imported Content Deletion vulnerability discovered by ? in WordPress Plugin WP All Import versions = 3.7.9...

4.3CVSS7AI score0.00161EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/10 12:0 a.m.18 views

Royal Elementor Addons < 1.3.60 - Subscriber+ Arbitrary Import Deletion

The plugin does not have authorisation and CSRF checks when deleting imported content, which could allow any authenticated user, such as subscriber to perform such action...

8.1CVSS2.9AI score0.00945EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2023/01/09 11:15 p.m.3 views

CVE-2022-3679

The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...

8.8CVSS5.8AI score0.00922EPSS
Exploits2References1
OSV
OSV
added 2022/09/26 1:15 p.m.4 views

CVE-2022-2903

The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...

7.2CVSS5.8AI score0.01091EPSS
Exploits2References1
Rows per page
Query Builder