21408 matches found

Tenable Nessus
added 2026/01/20 12:0 a.m., 5 views

MiracleLinux 8 : postgresql:16 (AXSA:2024-8740:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8740:01 advisory. postgresql: PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks (CVE-2024-4317); postgresql: PostgreSQL relation replacement during...

CVSS 8.8, AI score 6, EPSS 0.01565
Exploits 0, References 3

Tenable Nessus
added 2026/01/20 12:0 a.m., 3 views

MiracleLinux 7 : rh-postgresql10-postgresql-10.12-2.el7 (AXSA:2020-4528:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-4528:01 advisory. PostgreSQL: stack-based buffer overflow via setting a password (CVE-2019-10164); PostgreSQL: ALTER ... DEPENDS ON EXTENSION is missing authorization...

CVSS 9, AI score 8.4, EPSS 0.03711
Exploits 0, References 3

Vulnrichment
added 2026/01/19 11:21 p.m., 3 views

CVE-2025-15466 Image Photo Gallery Final Tiles Grid <= 3.6.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Gallery Management

The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple AJAX actions in all versions up to, and including, 3.6.9. This makes it possible for authenticated attackers, with...

CVSS 5.4, AI score 5.5, EPSS 0.00188
Exploits 0, References 2

CVE
added 2026/01/19 11:21 p.m., 20 views

CVE-2025-15466

CVE-2025-15466 refers to the WordPress plugin Image Photo Gallery Final Tiles Grid (Lite) with a vulnerability caused by missing capability checks on multiple AJAX actions, affecting all versions up to and including 3.6.9. The issue enables authenticated attackers with Contributor-level access or...

CVSS 5.4, AI score 5.5, EPSS 0.00188
Exploits 0, References 2

RedhatCVE
added 2026/01/18 9:18 a.m., 19 views

CVE-2025-14078

The PAYGENT for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.4.6. This is due to missing authorization checks on the paygentcheckwebhook function combined with the paygentpermissioncallback function unconditionally returning true ...

CVSS 5.3, AI score 5.9, EPSS 0.00261
Exploits 0, References 1

NVD
added 2026/01/17 9:15 a.m., 8 views

CVE-2025-14078

The PAYGENT for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.4.6. This is due to missing authorization checks on the paygentcheckwebhook function combined with the paygentpermissioncallback function unconditionally returning true ...

CVSS 5.3, EPSS 0.00261
Exploits 0, References 5

EUVD
added 2026/01/17 8:24 a.m., 4 views

EUVD-2026-3140

The PAYGENT for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.4.6. This is due to missing authorization checks on the paygentcheckwebhook function combined with the paygentpermissioncallback function unconditionally returning true ...

CVSS 5.3, AI score 5.5, EPSS 0.00261
Exploits 0, References 6

RedhatCVE
added 2026/01/17 5:22 a.m., 9 views

CVE-2025-14982

The Booking Calendar plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Exposure in all versions up to, and including, 10.14.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view all booking records in the...

CVSS 4.3, AI score 5.4, EPSS 0.00342
Exploits 0, References 1

Vulnrichment
added 2026/01/17 4:34 a.m., 4 views

CVE-2025-12168 Phrase TMS Integration for WordPress <= 4.7.5 - Missing Authorization to Authenticated (Subscriber+) Log Deletion

The Phrase TMS Integration for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxdeletelog' AJAX endpoint in all versions up to, and including, 4.7.5. This makes it possible for authenticated attackers, with...

CVSS 4.3, AI score 5.5, EPSS 0.00161
Exploits 0, References 2

Cvelist
added 2026/01/17 4:34 a.m., 24 views

CVE-2025-12168 Phrase TMS Integration for WordPress <= 4.7.5 - Missing Authorization to Authenticated (Subscriber+) Log Deletion

The Phrase TMS Integration for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxdeletelog' AJAX endpoint in all versions up to, and including, 4.7.5. This makes it possible for authenticated attackers, with...

CVSS 4.3, EPSS 0.00161
Exploits 0, References 2

Vulnrichment
added 2026/01/17 4:34 a.m., 3 views

CVE-2025-14029 Community Events <= 1.5.6 - Missing Authorization to Unauthenticated Arbitrary Event Approval via 'eventlist' Parameter

The Community Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_admin_event_approval function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to approve arbitrary events via t...

CVSS 5.3, AI score 5.7, EPSS 0.0024
Exploits 0, References 5

CVE
added 2026/01/17 4:34 a.m., 22 views

CVE-2025-14029

CVE-2025-14029 affects the WordPress plugin Community Events (versions up to and including 1.5.6). The issue is a missing capability check in ajax_admin_event_approval(), allowing unauthenticated attackers to approve arbitrary events via the eventlist parameter. Wordfence notes this vulnerability...

CVSS 5.3, AI score 5.1, EPSS 0.0024
Exploits 0, References 5

CVE
added 2026/01/17 2:22 a.m., 19 views

CVE-2025-14450

CVE-2025-14450 affects Wallet System for WooCommerce (WordPress) where a missing capability check in change_wallet_fund_request_status_callback allowed authenticated users with Subscriber+ privileges to modify wallet withdrawal requests and arbitrarily alter balances in versions up to 2.7...

CVSS 6.5, AI score 4.7, EPSS 0.00214
Exploits 0, References 4

Positive Technologies
added 2026/01/17 12:0 a.m., 6 views

PT-2026-3356

The PAYGENT for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.4.6. This is due to missing authorization checks on the paygent check webhook function combined with the paygent permission callback function unconditionally returning...

CVSS 5.3, AI score 5.9, EPSS 0.00261
Exploits 0, References 6

Patchstack
added 2026/01/16 11:44 p.m., 6 views

WordPress Phrase TMS Integration for WordPress plugin <= 4.7.5 - Missing Authorization to Authenticated (Subscriber+) Log Deletion vulnerability

Missing Authorization to Authenticated (Subscriber+) Log Deletion vulnerability discovered by Legion Hunter in WordPress Plugin Phrase TMS Integration for WordPress versions <= 4.7.5...

CVSS 4.3, AI score 7, EPSS 0.00161
Exploits 0, References 1, Affected Software 1

NVD
added 2026/01/16 5:16 a.m., 5 views

CVE-2025-14982

The Booking Calendar plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Exposure in all versions up to, and including, 10.14.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view all booking records in the...

CVSS 4.3, EPSS 0.00342
Exploits 0, References 9

CVE
added 2026/01/16 4:44 a.m., 53 views

CVE-2026-1000

The CVE-2026-1000 entry describes a data-destructive vulnerability in the MailerLite – WooCommerce integration for WordPress (versions up to 3.1.3). Root cause: missing capability checks on resetIntegration(), enabling authenticated users with Subscriber-level access or higher to modify data it s...

CVSS 6.5, AI score 4.9, EPSS 0.00282
Exploits 0, References 5

Vulnrichment
added 2026/01/16 4:44 a.m., 6 views

CVE-2026-1000 MailerLite - WooCommerce integration <= 3.1.3 - Missing Authorization to Data Deletion

The MailerLite - WooCommerce integration plugin for WordPress is vulnerable to unauthorized data modification and deletion in all versions up to, and including, 3.1.3. This is due to missing capability checks on the resetIntegration function. This makes it possible for authenticated attackers, wi...

CVSS 6.5, AI score 4.9, EPSS 0.00282
Exploits 0, References 5

CVE
added 2026/01/16 4:44 a.m., 18 views

CVE-2025-12641

CVE-2025-12641 affects the Awesome Support – WordPress HelpDesk & Support Plugin for WordPress (versions up to 6.3.6). The vulnerability is an authorization bypass caused by missing capabilities checks in wpas_do_mr_activate_user and a nonce namespace issue that allows unauthenticated attackers t...

CVSS 6.5, AI score 5.4, EPSS 0.00363
Exploits 0, References 6

Cvelist
added 2026/01/16 4:44 a.m., 31 views

CVE-2025-14982 Booking Calendar <= 10.14.11 - Missing Authorization to Sensitive Information Exposure

The Booking Calendar plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Exposure in all versions up to, and including, 10.14.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view all booking records in the...

CVSS 4.3, EPSS 0.00342
Exploits 0, References 9