Lucene search
K

5 matches found

NVD
NVD
added 2026/01/23 1:15 p.m.11 views

CVE-2025-14866

The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'savesecondaryrolesfield' function. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS0.00365EPSS
Exploits0References4
NVD
NVD
added 2025/11/27 1:15 p.m.3 views

CVE-2025-12971

The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on the 'wcpchangepostfolder' function in all versions up to, and including, 3.1.5. This make...

4.3CVSS0.00198EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/08 7:26 a.m.7 views

CVE-2025-12621 Flexible Refund and Return Order for WooCommerce <= 1.0.42 - Incorrect Authorization to Authenticated (Contributor+) Refund Status Update

The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on the 'createrefund' function in all versions up to, and including, 1.0.42. This makes it possible for authenticated attackers, wit...

5.3CVSS0.00227EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/05/17 12:0 a.m.2 views

WordPress plugin MultiVendorX – WooCommerce Multivendor Marketplace Solutions 安全漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability in WordPress plugin MultiVendorX -...

4.3CVSS7.9AI score0.00247EPSS
Exploits0References5
NVD
NVD
added 2025/03/22 12:15 p.m.17 views

CVE-2025-2331

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.22.1 via a misconfigured capability check in the 'permissionsCheck' function. This makes it possible for authenticated attackers, with...

6.5CVSS0.0035EPSS
Exploits0References5
Rows per page
Query Builder