Lucene search
+L

2152 matches found

euvd
euvd
added 2026/05/13 5:29 a.m.23 views

EUVD-2025-209822

The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getticketcontentcallback' function in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to view any...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References6
cvelist
cvelist
added 2026/05/13 5:29 a.m.60 views

CVE-2025-14033 ilGhera Support System for WooCommerce <= 1.3.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure

The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getticketcontentcallback' function in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to view any...

5.3CVSS0.00256EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/05/13 5:29 a.m.9 views

CVE-2025-14033

The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getticketcontentcallback' function in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to view any...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References7
cve
cve
added 2026/05/13 5:29 a.m.13 views

CVE-2025-14033

CVE-2025-14033 affects the WordPress plugin “ilGhera Support System for WooCommerce” (woocommerce integration) with versions up to and including 1.3.0. The vulnerability is a missing capability check in get_ticket_content_callback, allowing unauthenticated attackers to read any support ticket con...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/05/13 4:26 a.m.6 views

CVE-2025-9988

The Broadstreet plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the createadvertiser AJAX action in all versions up to, and including, 1.53.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create...

4.3CVSS5.8AI score0.00158EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/05/13 12:0 a.m.14 views

PT-2026-40611

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pm invite user function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-lev...

7.1CVSS5.8AI score0.00219EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/05/13 12:0 a.m.20 views

PT-2026-40586

The Hostinger Reach – AI-Powered Email Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle ajax action' function in all versions up to, and including, 1.3.8. This makes it possible for authenticated...

5.3CVSS5.7AI score0.00378EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/05/13 12:0 a.m.14 views

PT-2026-40559

The Broadstreet plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the create advertiser AJAX action in all versions up to, and including, 1.53.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create...

4.3CVSS5.8AI score0.00158EPSS
Exploits0References2
euvd
euvd
added 2026/05/12 9:31 a.m.39 views

EUVD-2026-29399

The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saabcancelbooking function in all versions up to, and including, 1.0.8. The nonce check uses && AND instead of || OR,...

5.3CVSS5.9AI score0.00228EPSS
Exploits0References5
wpvulndb
wpvulndb
added 2026/05/07 12:0 a.m.14 views

3D viewer – Embed 3D Models < 1.8.6 - Missing Authorization

Description The 3D viewer – Embed 3D Models plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.8.5. This makes it possible for authenticated attackers, with contributor-level access and above, to perform an...

4.3CVSS5.8AI score0.00141EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/06 8:22 p.m.8 views

CVE-2026-3601

The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the embedformaction function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with Contributor-level acce...

4.3CVSS5.9AI score0.003EPSS
Exploits0References1
cve
cve
added 2026/05/05 8:27 a.m.21 views

CVE-2026-3601

Summary: CVE-2026-3601 affects the WordPress plugin “User Registration & Membership” (versions

4.3CVSS5.9AI score0.003EPSS
Exploits0References6
cvelist
cvelist
added 2026/05/05 8:27 a.m.65 views

CVE-2026-3601 User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Limited Page Content Modification

The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the embedformaction function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with Contributor-level acce...

4.3CVSS0.003EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2026/05/05 8:27 a.m.8 views

CVE-2026-3601 User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Limited Page Content Modification

The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the embedformaction function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with Contributor-level acce...

4.3CVSS5.9AI score0.003EPSS
Exploits0References6
euvd
euvd
added 2026/05/05 6:31 a.m.25 views

EUVD-2026-27213

The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the LiveAction::reset function in all versions up to, and including, 3.8.2 The function is hooked to the WordPress init action and triggers when both post...

6.5CVSS5.8AI score0.00355EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/05/05 12:0 a.m.20 views

PT-2026-36971

The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Live Action::reset function in all versions up to, and including, 3.8.2 The function is hooked to the WordPress init action and triggers when both post...

6.5CVSS5.8AI score0.00355EPSS
Exploits0References7
redhatcve
redhatcve
added 2026/05/04 8:21 p.m.6 views

CVE-2026-3143

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxclicancel' function in all versions up to, and including, 1.17.1. This makes it possible for...

5.3CVSS5.8AI score0.00257EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/05/02 8:27 a.m.7 views

CVE-2026-4024

The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. The handler is registered on both wpajax and wpajaxnopriv hooks, maki...

5.3CVSS5.8AI score0.00501EPSS
Exploits0References8
cve
cve
added 2026/05/02 4:27 a.m.16 views

CVE-2026-6963

CVE-2026-6963 affects the WP Mail Gateway WordPress plugin (up to version 1.8). The issue is a missing capability check on the wmg_save_provider_config AJAX action, allowing authenticated users with Subscriber-level access or higher to modify SMTP settings and redirect mail. This can be leveraged...

8.8CVSS5.8AI score0.00396EPSS
Exploits0References6
euvd
euvd
added 2026/05/02 4:27 a.m.5 views

EUVD-2026-26736

The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wmgsaveproviderconfig AJAX action in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update...

8.8CVSS5.8AI score0.00396EPSS
Exploits0References6
Rows per page
Query Builder