Lucene search
+L

2152 matches found

ptsecurity
ptsecurity
added 2026/04/04 12:0 a.m.14 views

PT-2026-30303

The Pie Register – User Registration, Profiles & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pie main function in all versions up to, and including, 3.8.4.8. This makes it possible for unauthenticated attacke...

6.5CVSS5.9AI score0.00284EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/04/02 5:4 a.m.13 views

CVE-2026-3831

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the entriesshortcode function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with...

4.3CVSS5.9AI score0.00229EPSS
Exploits0References1
euvd
euvd
added 2026/04/01 3:31 a.m.6 views

EUVD-2026-17763

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the entriesshortcode function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with...

4.3CVSS5.9AI score0.00229EPSS
Exploits0References3
nvd
nvd
added 2026/04/01 2:16 a.m.7 views

CVE-2026-3831

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the entriesshortcode function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with...

4.3CVSS0.00229EPSS
Exploits0References2
cve
cve
added 2026/04/01 1:24 a.m.14 views

CVE-2026-3831

The CVE-2026-3831 entry concerns the Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress. A missing capability check in entries_shortcode() affects all versions up to 1.4.9, enabling authenticated users with Contributor-level access and above to access all form submissions ...

4.3CVSS5.9AI score0.00229EPSS
Exploits0References2
euvd
euvd
added 2026/03/31 6:31 a.m.8 views

EUVD-2026-17315

The WooPayments: Integrated WooCommerce Payments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveupeappearanceajax' function in all versions up to, and including, 10.5.1. This makes it possible for unauthenticated attackers to...

6.5CVSS5.9AI score0.00267EPSS
Exploits0References4
cve
cve
added 2026/03/31 4:25 a.m.14 views

CVE-2026-1710

CVE-2026-1710 affects the WooPayments: Integrated WooCommerce Payments plugin for WordPress. A missing capability check in the save_upe_appearance_ajax function allows unauthenticated attackers to modify plugin settings on all versions up to and including 10.5.1. Impact is unauthenticated data mo...

6.5CVSS5.9AI score0.00267EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/03/31 12:0 a.m.12 views

PT-2026-29191

The WooPayments: Integrated WooCommerce Payments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save upe appearance ajax' function in all versions up to, and including, 10.5.1. This makes it possible for unauthenticated attackers ...

6.5CVSS5.9AI score0.00267EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/03/26 3:12 p.m.6 views

CVE-2026-3567

The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 4.1132. The plugin exposes two AJAX handlers that, when combined, allow any authenticated user to modify admin-level plugin settings. First, the...

5.3CVSS5.9AI score0.00236EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/03/26 3:12 p.m.8 views

CVE-2026-3546

The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshotformbuildergetaccountdata function is registered as a wpajax AJAX handler accessible to all authenticated users. The function lacks any capability che...

5.3CVSS5.8AI score0.00231EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/03/26 3:10 p.m.6 views

CVE-2026-1217

The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clonebulkactionhandler and republishrequest functions in all versions up to, and including, 4.5. This makes it possible for authenticated attackers, with...

5.4CVSS5.8AI score0.00171EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/03/26 3:9 p.m.5 views

CVE-2026-1948

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivatelicense function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00212EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/03/26 3:9 p.m.6 views

CVE-2026-1926

The Subscriptions for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpssfwadmincancelsusbcription function in all versions up to, and including, 1.9.2. This is due to the function being hooked to the init action withou...

5.3CVSS5.9AI score0.00307EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/03/26 3:8 p.m.8 views

CVE-2026-2294

The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'uipsaveglobalsettings' function in all versions up to, and including, 3.5.09. This makes it possible for...

4.3CVSS5.9AI score0.00192EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/03/26 3:8 p.m.3 views

CVE-2026-2233

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the draftpost function in all versions up to, and including, 4.2.8. This makes it...

5.3CVSS5.9AI score0.00193EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/03/26 3:4 p.m.10 views

CVE-2026-3891

The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lknpixforwoocommercec6savesettings' function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated...

9.8CVSS6.6AI score0.00845EPSS
Exploits7References1
attackerkb
attackerkb
added 2026/03/24 4:27 a.m.3 views

CVE-2026-3138

The Product Filter for WooCommerce by WBW plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check in all versions up to, and including, 3.1.2. This is due to the plugin's MVC framework dynamically registering unauthenticated AJAX handlers via wpajaxnopriv...

6.5CVSS5.8AI score0.00273EPSS
Exploits0References8
nvd
nvd
added 2026/03/23 11:17 p.m.7 views

CVE-2026-4066

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relationalpostssearch function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and abov...

4.3CVSS0.00289EPSS
Exploits0References5
euvd
euvd
added 2026/03/21 6:30 a.m.13 views

EUVD-2026-13985

The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'uipsaveglobalsettings' function in all versions up to, and including, 3.5.09. This makes it possible for...

4.3CVSS5.9AI score0.00192EPSS
Exploits0References3
euvd
euvd
added 2026/03/21 6:30 a.m.5 views

EUVD-2026-14161

The Hr Press Lite plugin for WordPress is vulnerable to unauthorized access of sensitive employee data due to a missing capability check on the hrp-fetch-employees AJAX action in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References6
Rows per page
Query Builder