Lucene search
+L

173 matches found

RedhatCVE
RedhatCVE
added 2026/02/04 1:20 p.m.6 views

CVE-2026-1371

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.5. This is due to missing authorization checks in the ajaxcoupondetails function, which only validates nonces but does not verify use...

5.3CVSS5.3AI score0.00282EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 7:31 a.m.5 views

CVE-2026-1371

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.5. This is due to missing authorization checks in the ajaxcoupondetails function, which only validates nonces but does not verify use...

5.3CVSS5.3AI score0.00282EPSS
Exploits0References5
EUVD
EUVD
added 2026/02/03 7:31 a.m.7 views

EUVD-2026-5275

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.5. This is due to missing authorization checks in the ajaxcoupondetails function, which only validates nonces but does not verify use...

5.3CVSS5.3AI score0.00282EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/28 11:23 a.m.38 views

CVE-2025-14386 Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization 2.4.4 - 2.5.12 - Missing Authorization to Authenticated (Subscriber+) Authentication Bypass via Account Takeover

The Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the 'generatessourl' and 'validatessotoken' functions in versions 2.4.4 to 2.5.12. This makes it...

8.8CVSS0.00372EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/28 6:43 a.m.7 views

CVE-2026-0825 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.5 - Missing Authorization to Unauthenticated Form Data Exfiltration via CSV Export

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the CSV export functionality in all versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers to download...

5.3CVSS5.9AI score0.00408EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 7 : rh-postgresql12-postgresql-12.4-1.0.1.el7.AXS7 (AXSA:2020-947:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-947:01 advisory. postgresql: Uncontrolled search path element in logical replication CVE-2020-14349 postgresql: Uncontrolled search path element in CREATE EXTENSION...

7.3CVSS7.5AI score0.02235EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : postgresql:16 (AXSA:2024-8740:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8740:01 advisory. postgresql: PostgreSQL pgstatsext and pgstatsextexprs lack authorization checks CVE-2024-4317 postgresql: PostgreSQL relation replacement during...

8.8CVSS6AI score0.01565EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 7 : rh-postgresql10-postgresql-10.12-2.el7 (AXSA:2020-4528:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-4528:01 advisory. PostgreSQL: stack-based buffer overflow via setting a password CVE-2019-10164 PostgreSQL: ALTER ... DEPENDS ON EXTENSION is missing authorization...

9CVSS8.4AI score0.03711EPSS
Exploits0References3
CVE
CVE
added 2026/01/16 4:44 a.m.73 views

CVE-2026-1000

The CVE-2026-1000 entry describes a data-destructive vulnerability in the MailerLite – WooCommerce integration for WordPress (versions up to 3.1.3). Root cause: missing capability checks on resetIntegration(), enabling authenticated users with Subscriber-level access or higher to modify data it s...

6.5CVSS4.9AI score0.00282EPSS
Exploits0References5
CVE
CVE
added 2026/01/16 4:44 a.m.21 views

CVE-2025-12641

CVE-2025-12641 affects the Awesome Support – WordPress HelpDesk & Support Plugin for WordPress (versions up to 6.3.6). The vulnerability is an authorization bypass caused by missing capabilities checks in wpas_do_mr_activate_user and a nonce namespace issue that allows unauthenticated attackers t...

6.5CVSS5.4AI score0.00363EPSS
Exploits0References6
CVE
CVE
added 2026/01/14 5:28 a.m.22 views

CVE-2025-15378

CVE-2025-15378 concerns the WordPress AJS Footnotes plugin, where versions up to 1.0 are vulnerable to a stored XSS due to missing authorization/nonce verification on settings save and insufficient input sanitization/output escaping on two parameters: note_list_class and popup_display_effect_in. ...

7.2CVSS4.9AI score0.00275EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/13 1:14 a.m.4 views

CVE-2026-0506 Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform

Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines FORMs in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs...

8.1CVSS6.6AI score0.00228EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/09 7:22 a.m.28 views

CVE-2025-13934 Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Course Enrollment Bypass

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course enrollment in all versions up to, and including, 3.9.3. This is due to a missing capability check and purchasability validation in the courseenrollment AJAX handler. This makes it possib...

4.3CVSS0.00202EPSS
Exploits0References2
CVE
CVE
added 2026/01/08 2:21 a.m.14 views

CVE-2025-12640

CVE-2025-12640 concerns the WordPress plugin Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager . According to Wordfence, versions up to 3.1.5 are affected by an unauthorized arbitrary media replacement vulnerability caused by missing object-level authorizati...

4.3CVSS5.5AI score0.00158EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.2 views

Utarit SoliClub 安全漏洞

Utarit SoliClub is a mobile application from Utarit, Inc. A security vulnerability exists in Utarit SoliClub versions prior to 5.3.7, which stems from a lack of authorization checking and could lead to privilege abuse...

5.4CVSS6.6AI score0.00143EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.3 views

WordPress plugin IDonatePro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

7.5CVSS6.6AI score0.00287EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.7 views

WordPress plugin Document Library Lite 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.3CVSS6.6AI score0.00262EPSS
Exploits0References1
Veracode
Veracode
added 2025/12/13 5:15 a.m.8 views

Missing Authorization Checks

org.jenkins-ci.plugins, publish-to-bitbucket is vulnerable to missing authorization checks. The vulnerability is due to a missing permission check when accessing credential-related functionality, which allows an attacker with Overall/Read permission to enumerate credential IDs stored in Jenkins...

4.3CVSS6.7AI score0.00245EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2025/12/05 12:0 a.m.7 views

WordPress plugin CRM Memberships 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

9.8CVSS7AI score0.00495EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/11/25 7:28 a.m.8 views

CVE-2025-12634 Refund Request for WooCommerce <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Refund Status Update

The Refund Request for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updaterefundstatus' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS0.00163EPSS
Exploits0References2
Rows per page
Query Builder