Lucene search
K

9 matches found

Vulnrichment
Vulnrichment
added 2026/04/24 3:27 a.m.3 views

CVE-2026-2028 Maxi Blocks <= 2.1.8 - Missing Authorization to Authenticated (Author+) Media File Deletion via 'old_media_src' Parameter

The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to insufficient file ownership validation on the 'maxiremovecustomimagesize' AJAX action in all versions up to, and including, 2.1.8. This makes it possible for authenticated attackers, with Author-leve...

5.3CVSS5.4AI score0.00318EPSS
Exploits0References6
CVE
CVE
added 2025/12/17 7:50 p.m.11 views

CVE-2025-34435

AVideo

8.7CVSS6.4AI score0.00289EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-31885

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.0091EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/02/05 5:27 a.m.9 views

CVE-2024-1170

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the handledeletedmedia function in all versions up to, and including,...

8.2CVSS6.8AI score0.00725EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/02 4:52 p.m.9 views

CVE-2024-3295 User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Unauthenticated Media Deletion

The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the profilepicremove function in versions up to, and including, 3.1.5. This makes it possible for...

6.5CVSS5.9AI score0.0091EPSS
Exploits0References4
CVE
CVE
added 2024/03/07 11:1 a.m.65 views

CVE-2024-1170

The CVE-2024-1170 entry concerns the BuddyForms (Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions) WordPress plugin. A missing capability check in the handle_deleted_media function allows unauthenticated attackers to delete arbitrary med...

8.2CVSS8.6AI score0.00725EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/03/07 12:0 a.m.4 views

WordPress Plugin buddyforms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

8.2CVSS6.5AI score0.00725EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/06/09 5:33 a.m.38 views

CVE-2023-0291 Quiz And Survey Master <= 8.0.8 - Unauthenticated Arbitrary Media Deletion

The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsmremovefilefdquestion AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrar...

7.2CVSS7.4AI score0.02034EPSS
Exploits5References4
Patchstack
Patchstack
added 2022/01/12 12:0 a.m.8 views

WordPress WP Ultimate CSV Importer plugin <= 6.4 - Arbitrary Media File Deletion vulnerability

Arbitrary Media File Deletion vulnerability restricted to the uploads folder of the current year/month discovered in WordPress WP Ultimate CSV Importer plugin versions = 6.4. Solution Update the WordPress WP Ultimate CSV Importer plugin to the latest available version at least 6.4.1...

3.4AI score
Exploits0References1Affected Software1
Rows per page
Query Builder