173 matches found
CVE-2026-1371
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.5. This is due to missing authorization checks in the ajaxcoupondetails function, which only validates nonces but does not verify use...
CVE-2026-1371
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.5. This is due to missing authorization checks in the ajaxcoupondetails function, which only validates nonces but does not verify use...
EUVD-2026-5275
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.5. This is due to missing authorization checks in the ajaxcoupondetails function, which only validates nonces but does not verify use...
CVE-2025-14386 Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization 2.4.4 - 2.5.12 - Missing Authorization to Authenticated (Subscriber+) Authentication Bypass via Account Takeover
The Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the 'generatessourl' and 'validatessotoken' functions in versions 2.4.4 to 2.5.12. This makes it...
CVE-2026-0825 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.5 - Missing Authorization to Unauthenticated Form Data Exfiltration via CSV Export
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the CSV export functionality in all versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers to download...
MiracleLinux 7 : rh-postgresql12-postgresql-12.4-1.0.1.el7.AXS7 (AXSA:2020-947:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-947:01 advisory. postgresql: Uncontrolled search path element in logical replication CVE-2020-14349 postgresql: Uncontrolled search path element in CREATE EXTENSION...
MiracleLinux 8 : postgresql:16 (AXSA:2024-8740:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8740:01 advisory. postgresql: PostgreSQL pgstatsext and pgstatsextexprs lack authorization checks CVE-2024-4317 postgresql: PostgreSQL relation replacement during...
MiracleLinux 7 : rh-postgresql10-postgresql-10.12-2.el7 (AXSA:2020-4528:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-4528:01 advisory. PostgreSQL: stack-based buffer overflow via setting a password CVE-2019-10164 PostgreSQL: ALTER ... DEPENDS ON EXTENSION is missing authorization...
CVE-2026-1000
The CVE-2026-1000 entry describes a data-destructive vulnerability in the MailerLite – WooCommerce integration for WordPress (versions up to 3.1.3). Root cause: missing capability checks on resetIntegration(), enabling authenticated users with Subscriber-level access or higher to modify data it s...
CVE-2025-12641
CVE-2025-12641 affects the Awesome Support – WordPress HelpDesk & Support Plugin for WordPress (versions up to 6.3.6). The vulnerability is an authorization bypass caused by missing capabilities checks in wpas_do_mr_activate_user and a nonce namespace issue that allows unauthenticated attackers t...
CVE-2025-15378
CVE-2025-15378 concerns the WordPress AJS Footnotes plugin, where versions up to 1.0 are vulnerable to a stored XSS due to missing authorization/nonce verification on settings save and insufficient input sanitization/output escaping on two parameters: note_list_class and popup_display_effect_in. ...
CVE-2026-0506 Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform
Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines FORMs in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs...
CVE-2025-13934 Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Course Enrollment Bypass
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course enrollment in all versions up to, and including, 3.9.3. This is due to a missing capability check and purchasability validation in the courseenrollment AJAX handler. This makes it possib...
CVE-2025-12640
CVE-2025-12640 concerns the WordPress plugin Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager . According to Wordfence, versions up to 3.1.5 are affected by an unauthorized arbitrary media replacement vulnerability caused by missing object-level authorizati...
Utarit SoliClub 安全漏洞
Utarit SoliClub is a mobile application from Utarit, Inc. A security vulnerability exists in Utarit SoliClub versions prior to 5.3.7, which stems from a lack of authorization checking and could lead to privilege abuse...
WordPress plugin IDonatePro 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
WordPress plugin Document Library Lite 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
Missing Authorization Checks
org.jenkins-ci.plugins, publish-to-bitbucket is vulnerable to missing authorization checks. The vulnerability is due to a missing permission check when accessing credential-related functionality, which allows an attacker with Overall/Read permission to enumerate credential IDs stored in Jenkins...
WordPress plugin CRM Memberships 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
CVE-2025-12634 Refund Request for WooCommerce <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Refund Status Update
The Refund Request for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updaterefundstatus' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level...