Lucene search
K

2149 matches found

RedhatCVE
RedhatCVE
added 2026/05/18 7:58 p.m.9 views

CVE-2025-4202

The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cfaddcomment' function in all versions up to, and including, 5.2. This makes it possible for authenticated attackers...

4.3CVSS5.9AI score0.00237EPSS
Exploits0References1
CVE
CVE
added 2026/05/18 6:0 a.m.23 views

CVE-2026-1631

The CVE-2026-1631 entry affects the Feeds for YouTube WordPress plugin prior to version 2.6.4. The root cause is a missing capability check in the 'actions' function, allowing subscribers and higher roles to perform unauthorized modifications to the plugin’s license key. The impact is license key...

5.4CVSS5.8AI score0.00231EPSS
Exploits0References1
NVD
NVD
added 2026/05/16 1:16 p.m.14 views

CVE-2025-4202

The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cfaddcomment' function in all versions up to, and including, 5.2. This makes it possible for authenticated attackers...

4.3CVSS0.00237EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/16 12:30 p.m.12 views

EUVD-2025-209886

The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cfaddcomment' function in all versions up to, and including, 5.2. This makes it possible for authenticated attackers...

4.3CVSS5.9AI score0.00237EPSS
Exploits0References3
CVE
CVE
added 2026/05/16 12:30 p.m.16 views

CVE-2025-4202

CVE-2025-4202 affects the Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress. A missing capability check in the cf_add_comment function across all versions up to 5.2 allows authenticated users with Subscriber-level access or higher to modify data by adding comment...

4.3CVSS5.9AI score0.00237EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/16 12:30 p.m.9 views

CVE-2025-4202

The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cfaddcomment' function in all versions up to, and including, 5.2. This makes it possible for authenticated attackers...

4.3CVSS5.9AI score0.00237EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.15 views

PT-2026-41425

Name of the Vulnerable Software and Affected Versions Multicollab: Content Team Collaboration and Editorial Workflow versions prior to 5.3 Description A missing capability check in the cf add comment function allows authenticated attackers with Subscriber-level access or higher to perform...

4.3CVSS5.9AI score0.00237EPSS
Exploits0References7
NVD
NVD
added 2026/05/15 9:16 a.m.37 views

CVE-2026-4683

The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'routeData' REST endpoint in all versions up to, and including, 3.1.77. This makes it possible for unauthenticated attackers to overwrite the plugin's...

6.5CVSS0.00262EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/15 7:46 a.m.21 views

EUVD-2026-30515

The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'routeData' REST endpoint in all versions up to, and including, 3.1.77. This makes it possible for unauthenticated attackers to overwrite the plugin's...

6.5CVSS5.8AI score0.00262EPSS
Exploits0References4
NVD
NVD
added 2026/05/15 7:16 a.m.25 views

CVE-2026-4094

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'adminhead' function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Contributor-lev...

8.1CVSS0.00273EPSS
Exploits0References4
NVD
NVD
added 2026/05/13 2:17 p.m.8 views

CVE-2026-4609

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pminviteuser function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-level...

7.1CVSS0.00219EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/13 1:27 p.m.43 views

EUVD-2026-29954

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pminviteuser function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-level...

7.1CVSS5.8AI score0.00219EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/13 1:27 p.m.6 views

CVE-2026-4609

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pminviteuser function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-level...

7.1CVSS5.8AI score0.00219EPSS
Exploits0References5
CVE
CVE
added 2026/05/13 8:26 a.m.17 views

CVE-2026-2515

The Hostinger Reach plugin for WordPress (v

5.3CVSS5.7AI score0.00378EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/13 8:26 a.m.8 views

CVE-2026-2515

The Hostinger Reach – AI-Powered Email Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handleajaxaction' function in all versions up to, and including, 1.3.8. This makes it possible for authenticated...

5.3CVSS5.7AI score0.00378EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/13 8:26 a.m.43 views

CVE-2026-2515 Hostinger Reach <= 1.3.8 - Missing Authorization to Authenticated (Subscriber+) Integration API Key Update

The Hostinger Reach – AI-Powered Email Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handleajaxaction' function in all versions up to, and including, 1.3.8. This makes it possible for authenticated...

5.3CVSS0.00378EPSS
Exploits0References4
NVD
NVD
added 2026/05/13 6:16 a.m.10 views

CVE-2025-14033

The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getticketcontentcallback' function in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to view any...

5.3CVSS0.00256EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/13 5:29 a.m.23 views

EUVD-2025-209822

The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getticketcontentcallback' function in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to view any...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/13 5:29 a.m.56 views

CVE-2025-14033 ilGhera Support System for WooCommerce <= 1.3.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure

The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getticketcontentcallback' function in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to view any...

5.3CVSS0.00256EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/13 5:29 a.m.9 views

CVE-2025-14033

The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getticketcontentcallback' function in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to view any...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References7
Rows per page
Query Builder