Lucene search
K

363 matches found

Patchstack
Patchstack
added 2026/05/29 9:24 a.m.16 views

WordPress OTP Login With Phone Number, OTP Verification plugin 1.8.50-1.8.60 - Unauthenticated Authentication Bypass vulnerability

Unauthenticated Authentication Bypass vulnerability discovered by luckybuddy in WordPress Plugin Login with phone number versions 1.8.50-1.8.60...

9.8CVSS5.8AI score0.00492EPSS
Exploits0References1Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in mbedtls

A issue was discovered in Arm Mbed TLS before version 2.23.0. A remote attacker can retrieve plaintext data because a certain countermeasure, known as “Lucky 13,” does not properly handle the case where a hardware accelerator is involved...

7.5CVSS7.3AI score0.01195EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/12 7:33 a.m.5 views

CVE-2025-14541

The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.22 via the conditionaltags parameter. This is due to the plugin using PHP's eval function on user-controlled input without proper validation or sanitization. This makes i...

7.2CVSS6AI score0.00478EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/11 1:23 a.m.5 views

CVE-2025-14541

The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.22 via the conditionaltags parameter. This is due to the plugin using PHP's eval function on user-controlled input without proper validation or sanitization. This makes i...

7.2CVSS6AI score0.00478EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/11 1:23 a.m.3 views

CVE-2025-14541 Lucky Wheel Giveaway <= 1.0.22 - Authenticated (Administrator+) Remote Code Execution via 'conditional_tags' Parameter

The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.22 via the conditionaltags parameter. This is due to the plugin using PHP's eval function on user-controlled input without proper validation or sanitization. This makes i...

7.2CVSS6AI score0.00478EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/11 1:23 a.m.27 views

CVE-2025-14541 Lucky Wheel Giveaway <= 1.0.22 - Authenticated (Administrator+) Remote Code Execution via 'conditional_tags' Parameter

The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.22 via the conditionaltags parameter. This is due to the plugin using PHP's eval function on user-controlled input without proper validation or sanitization. This makes i...

7.2CVSS0.00478EPSS
Exploits0References2
CVE
CVE
added 2026/02/11 1:23 a.m.20 views

CVE-2025-14541

CVE-2025-14541 refers to the WordPress plugin “Lucky Wheel Giveaway” (versions up to and including 1.0.22) with a Remote Code Execution vulnerability. The root cause is PHP eval() being applied to user-controlled input via the conditional_tags parameter, allowing an authenticated attacker with Ad...

7.2CVSS6AI score0.00478EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.9 views

WordPress plugin Lucky Wheel Giveaway 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.2CVSS6AI score0.00478EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/02/10 10:54 p.m.7 views

WordPress Lucky Wheel Giveaway plugin <= 1.0.22 - Authenticated (Administrator+) Remote Code Execution via 'conditional_tags' Parameter vulnerability

Authenticated Administrator+ Remote Code Execution via 'conditionaltags' Parameter vulnerability discovered by Nguyen Truong Roll - FPT IS in WordPress Plugin Lucky Wheel Giveaway versions = 1.0.22...

7.2CVSS5.7AI score0.00478EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/19 12:0 a.m.5 views

MiracleLinux 3 : openssl-0.9.8e-26.AXS3.1 (AXSA:2013-126:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-126:01 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries...

5CVSS7.1AI score0.35584EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2026/01/09 9:33 a.m.8 views

CVE-2024-39208

luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials...

9.8CVSS7.4AI score0.00581EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/31 12:5 p.m.5 views

CVE-2025-14509

The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval to execute user-supplied input from the 'Conditional Tags' setting without proper validation or sanitization...

7.2CVSS6.8AI score0.00541EPSS
Exploits0References1
NVD
NVD
added 2025/12/30 12:15 p.m.4 views

CVE-2025-14509

The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval to execute user-supplied input from the 'Conditional Tags' setting without proper validation or sanitization...

7.2CVSS0.00541EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/30 11:14 a.m.28 views

CVE-2025-14509 Lucky Wheel for WooCommerce – Spin a Sale <= 1.1.13 - Authenticated (Administrator+) PHP Code Injection via Conditional Tags

The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval to execute user-supplied input from the 'Conditional Tags' setting without proper validation or sanitization...

7.2CVSS0.00541EPSS
Exploits0References4
CVE
CVE
added 2025/12/30 11:14 a.m.26 views

CVE-2025-14509

CVE-2025-14509 (Lucky Wheel for WooCommerce – Spin a Sale) is a PHP code injection flaw in the plugin that uses eval() to execute unsanitized input from the Conditional Tags setting. It affects all versions up to 1.1.13, enabling authenticated attackers with Administrator-level access (and, in Wo...

7.2CVSS6.4AI score0.00541EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/12/30 6:6 a.m.6 views

WordPress Lucky Wheel for WooCommerce – Spin a Sale plugin <= 1.1.13 - Authenticated (Administrator+) PHP Code Injection via Conditional Tags vulnerability

Authenticated Administrator+ PHP Code Injection via Conditional Tags vulnerability discovered by Nguyen Truong Roll - FPT IS in WordPress Plugin Lucky Wheel for WooCommerce – Spin a Sale versions = 1.1.13...

7.2CVSS7.2AI score0.00541EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.8 views

WordPress plugin Lucky Wheel for WooCommerce – Spin a Sale 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based...

7.2CVSS7.4AI score0.00541EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/13 6:30 p.m.5 views

EUVD-2025-203225

The Lucky Draw Contests plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to missing or incorrect nonce validation in misc-settings.php. This makes it possible for unauthenticated attackers to update plugin settings via a forge...

4.3CVSS4.9AI score0.00112EPSS
Exploits0References3
NVD
NVD
added 2025/12/13 4:16 p.m.5 views

CVE-2025-14462

The Lucky Draw Contests plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to missing or incorrect nonce validation in misc-settings.php. This makes it possible for unauthenticated attackers to update plugin settings via a forge...

4.3CVSS0.00112EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/13 4:31 a.m.25 views

CVE-2025-14462 Lucky Draw Contests <= 4.2 - Cross-Site Request Forgery to Plugin Settings Update

The Lucky Draw Contests plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to missing or incorrect nonce validation in misc-settings.php. This makes it possible for unauthenticated attackers to update plugin settings via a forge...

4.3CVSS0.00112EPSS
Exploits0References2
Rows per page
Query Builder