21408 matches found

Vulnrichment
added 2026/01/16 4:44 a.m. | 2 views

CVE-2025-14982 Booking Calendar <= 10.14.11 - Missing Authorization to Sensitive Information Exposure

The Booking Calendar plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Exposure in all versions up to, and including, 10.14.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view all booking records in the...

CVSS 4.3 | AI score 5 | EPSS 0.00342
Exploits: 0 | References: 9

ATTACKERKB
added 2026/01/16 4:44 a.m. | 5 views

CVE-2025-14982

The Booking Calendar plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Exposure in all versions up to, and including, 10.14.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view all booking records in the...

CVSS 4.3 | AI score 5.3 | EPSS 0.00342
Exploits: 0 | References: 10

CVE
added 2026/01/16 4:44 a.m. | 11 views

CVE-2025-14982

The CVE-2025-14982 entry concerns the WordPress Booking Calendar plugin (versions ≤ 10.14.11). The vulnerability is Missing Authorization that enables an authenticated attacker with Subscriber privileges or higher to view all booking records and PII (names, emails, phones, addresses, payment stat...

CVSS 4.3 | AI score 5 | EPSS 0.00342
Exploits: 0 | References: 9

Cvelist
added 2026/01/16 12:12 a.m. | 27 views

CVE-2025-64729 AVEVA Process Optimization Missing Authorization

The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files...

CVSS 8.6 | EPSS 0.00171
Exploits: 0 | References: 4

Vulnrichment
added 2026/01/16 12:12 a.m. | 6 views

CVE-2025-64729 AVEVA Process Optimization Missing Authorization

The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files...

CVSS 8.6 | AI score 6.5 | EPSS 0.00171
Exploits: 0 | References: 4

Positive Technologies
added 2026/01/16 12:0 a.m. | 7 views

PT-2026-3214

The Booking Calendar plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Exposure in all versions up to, and including, 10.14.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view all booking records in the...

CVSS 4.3 | AI score 5.4 | EPSS 0.00342
Exploits: 0 | References: 10

Tenable Nessus
added 2026/01/16 12:0 a.m. | 12 views

SAP NetWeaver AS ABAP Missing Authorization Check (3688703)

The remote SAP NetWeaver ABAP server is affected by an authorization check vulnerability as referenced in the 3688703 advisory. - Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form...

CVSS 8.1 | AI score 5.7 | EPSS 0.00228
Exploits: 0 | References: 3

Patchstack
added 2026/01/15 11:11 p.m. | 5 views

WordPress All in One SEO - Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin <= 4.9.2 - Missing Authorization to Authenticated (Contributor+) AI Access Token and Credit Disclosure vulnerability

WordPress All in One SEO - Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin <= 4.9.2 - Missing Authorization to Authenticated Contributor+ AI Access Token and Credit Disclosure vulnerability discovered by NosleeP++ in WordPress Plugin All In One SEO Pack versions <= 4.9.2...

CVSS 4.3 | AI score 7 | EPSS 0.00226
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2026/01/15 4:52 p.m. | 4 views

CVE-2026-23494 Pimcore is Missing Function Level Authorization on "Static Routes" Listing

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for reading or listing static routes. In Pimcore, static routes are custom URL patterns defined vi...

CVSS 4.3 | AI score 5.6 | EPSS 0.00319
Exploits: 1 | References: 6

Vulnrichment
added 2026/01/15 4:47 p.m. | 7 views

CVE-2026-23495 Pimcore's Admin Classic Bundle is Missing Function Level Authorization on "Predefined Properties" Listing

Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Prior to 2.2.3 and 1.7.16, the API endpoint for listing Predefined Properties in the Pimcore platform lacks adequate server-side authorization checks. Predefined Properties are configurable metadata definitions e.g., name, key, typ...

CVSS 4.3 | AI score 6.3 | EPSS 0.00331
Exploits: 1 | References: 4

Cvelist
added 2026/01/15 1:23 p.m. | 26 views

CVE-2025-13859 AffiliateX 1.0.0 - 1.3.9.3 - Authenticated (Subscriber+) Missing Authorization to Stored Cross-Site Scripting via save_customization_settings

The AffiliateX – Amazon Affiliate Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_customization_settings AJAX action in versions 1.0.0 to 1.3.9.3. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 6.4 | EPSS 0.00166
Exploits: 0 | References: 3

Vulnrichment
added 2026/01/15 1:23 p.m. | 3 views

CVE-2025-12895 Kalium <= 3.29 - Missing Authorization to Unauthenticated Mail Relay via kalium_vc_contact_form_request

The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kalium_vc_contact_form_request function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attackers to us...

CVSS 5.3 | AI score 5.2 | EPSS 0.00227
Exploits: 0 | References: 3

CVE
added 2026/01/15 1:23 p.m. | 18 views

CVE-2025-12895

CVE-2025-12895 concerns Kalium 3 (Creative WordPress & WooCommerce Theme) before version 3.29. The issue is an unauthorized email sending capability due to a missing authorization check in kalium_vc_contact_form_request(), allowing unauthenticated actors to use the site as an open mail relay to s...

CVSS 5.3 | AI score 5.2 | EPSS 0.00227
Exploits: 0 | References: 3

RedhatCVE
added 2026/01/15 7:23 a.m. | 18 views

CVE-2025-14173

The Perfit WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. This is due to missing authorization checks on the logout function called via the actions function hooked to admin_init. This makes it possible for unauthenticated...

CVSS 5.3 | AI score 6.1 | EPSS 0.00232
Exploits: 0 | References: 1

NVD
added 2026/01/14 7:16 a.m. | 6 views

CVE-2025-14173

The Perfit WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. This is due to missing authorization checks on the logout function called via the actions function hooked to admin_init. This makes it possible for unauthenticated...

CVSS 5.3 | EPSS 0.00232
Exploits: 0 | References: 3

CVE
added 2026/01/14 6:40 a.m. | 22 views

CVE-2025-15475

CVE-2025-15475 affects the PayHere Payment Gateway Plugin for WooCommerce (WordPress). The issue arises from improper validation in the check_payhere_response function, allowing unauthenticated attackers to modify data and change the status of pending WooCommerce orders to paid/completed/on hold ...

CVSS 5.3 | AI score 5.6 | EPSS 0.00225
Exploits: 0 | References: 3

CVE
added 2026/01/14 6:40 a.m. | 19 views

CVE-2025-14173

CVE-2025-14173 concerns the Perfit WooCommerce plugin for WordPress. The vulnerability is due to missing authorization on the logout function invoked through the actions hook on admin_init, affecting all versions up to and including 1.0.1. This enables unauthenticated attackers to delete arbitrar...

CVSS 5.3 | AI score 5.7 | EPSS 0.00232
Exploits: 0 | References: 3

EUVD
added 2026/01/14 6:40 a.m. | 4 views

EUVD-2026-2532

The Perfit WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. This is due to missing authorization checks on the logout function called via the actions function hooked to admin_init. This makes it possible for unauthenticated...

CVSS 5.3 | AI score 5.6 | EPSS 0.00232
Exploits: 0 | References: 4

Cvelist
added 2026/01/14 6:40 a.m. | 28 views

CVE-2025-14173 Perfit WooCommerce <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletion

The Perfit WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. This is due to missing authorization checks on the logout function called via the actions function hooked to admin_init. This makes it possible for unauthenticated...

CVSS 5.3 | EPSS 0.00232
Exploits: 0 | References: 3

CVE
added 2026/01/14 6:40 a.m. | 18 views

CVE-2025-15512

The CVE-2025-15512 entry describes a vulnerability in the WordPress Aplazo Payment Gateway plugin (versions up to and including 1.4.2) where a missing capability check in check_success_response() allows unauthenticated attackers to modify any WooCommerce order to the pending payment status. Multi...

CVSS 5.3 | AI score 5.9 | EPSS 0.00232
Exploits: 0 | References: 3