21433 matches found

Vulnrichment
added 2026/01/09 7:22 a.m. | 1 views

CVE-2025-13934 Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Course Enrollment Bypass

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course enrollment in all versions up to, and including, 3.9.3. This is due to a missing capability check and purchasability validation in the course_enrollment AJAX handler. This makes it possib...

CVSS 4.3 | AI score 4.8 | EPSS 0.00202
Exploits: 0 | References: 2
Cvelist
added 2026/01/09 7:22 a.m. | 23 views

CVE-2025-13934 Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Course Enrollment Bypass

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course enrollment in all versions up to, and including, 3.9.3. This is due to a missing capability check and purchasability validation in the course_enrollment AJAX handler. This makes it possib...

CVSS 4.3 | EPSS 0.00202
Exploits: 0 | References: 2
CVE
added 2026/01/09 7:22 a.m. | 19 views

CVE-2025-14741

CVE-2025-14741 affects Frontend Admin by DynamiApps (WordPress) up to version 3.28.25. The issue is missing authorization for data deletion via the delete_object path, enabling unauthenticated attackers to delete posts, pages, products, taxonomy terms, and user accounts. Wordfence’s coverage conf...

CVSS 9.1 | AI score 5.1 | EPSS 0.00353
Exploits: 0 | References: 2
Vulnrichment
added 2026/01/09 7:22 a.m. | 2 views

CVE-2025-14741 Frontend Admin by DynamiApps <= 3.28.25 - Missing Authorization to Unauthenticated Arbitrary Data Deletion via 'delete post' Form Element

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to missing authorization to unauthorized data modification and deletion due to a missing capability check on the 'delete_object' function in all versions up to, and including, 3.28.25. This makes it possible for unauthenticated...

CVSS 9.1 | AI score 5.1 | EPSS 0.00353
Exploits: 0 | References: 2
CVE
added 2026/01/09 7:22 a.m. | 15 views

CVE-2025-13934

CVE-2025-13934 (Tutor LMS for WordPress): The WordPress Tutor LMS plugin (versions up to 3.9.3) is affected by a missing capability check and purchasability validation in the course_enrollment() AJAX handler, enabling authenticated users with Subscriber+ to enroll in any course outside the prope...

CVSS 4.3 | AI score 4.8 | EPSS 0.00202
Exploits: 0 | References: 2
Cvelist
added 2026/01/09 7:22 a.m. | 23 views

CVE-2025-13628 Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Coupon Modification

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability check on the 'bulkactionhandler' and 'couponpermanentdelete' functions in all versions up to, and including, 3.9.3. This makes it...

CVSS 4.3 | EPSS 0.00202
Exploits: 0 | References: 2
Vulnrichment
added 2026/01/09 6:34 a.m. | 4 views

CVE-2025-14720 Booking for Appointments and Events Calendar – Amelia <= 1.2.38 - Missing Authorization to Unauthenticated Multiple AJAX Actions

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on multiple AJAX actions in all versions up to, and including, 1.2.38. This makes it possible for unauthenticated attackers to mark payments as...

CVSS 5.3 | AI score 5.2 | EPSS 0.0028
Exploits: 0 | References: 2
Vulnrichment
added 2026/01/09 4:31 a.m. | 2 views

CVE-2025-14886 Japanized for WooCommerce <= 2.7.17 - Missing Authorization to Unauthenticated Order Status Modification

The Japanized for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the order REST API endpoint in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to mark any WooCommerce order a...

CVSS 5.3 | AI score 5 | EPSS 0.00236
Exploits: 0 | References: 2
IBM Security Bulletins
added 2026/01/09 3:44 a.m. | 6 views

Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in zookeeper (CVE-2018-8012, CVE-2019-0201, CVE-2023-44981, CVE-2017-5637)

Summary IBM SPSS Analytic Server is affected by multiple vulnerabilities in zookeeper CVE-2018-8012, CVE-2019-0201, CVE-2023-44981, CVE-2017-5637. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2018-8012 DESCRIPTION: No authentication/authorization is enforced...

CVSS 9.1 | AI score 7.3 | EPSS 0.73654
Exploits: 0 | Affected Software: 1
Positive Technologies
added 2026/01/09 12:0 a.m. | 6 views

PT-2026-2026

Name of the Vulnerable Software and Affected Versions MediaWiki - CampaignEvents extension versions 1.39 through 1.45 Description A missing authorization flaw exists in the Wikimedia Foundation MediaWiki - CampaignEvents extension, potentially allowing privilege abuse. The issue relates to the...

CVSS 5.3 | AI score 6.4 | EPSS 0.0025
Exploits: 0 | References: 6
Positive Technologies
added 2026/01/09 12:0 a.m. | 7 views

PT-2026-1753

Name of the Vulnerable Software and Affected Versions Frontend Admin by DynamiApps versions through 3.28.25 Description The Frontend Admin by DynamiApps plugin for WordPress is affected by a missing authorization check, allowing unauthorized data modification and deletion. Specifically, a missing...

CVSS 9.1 | AI score 6.2 | EPSS 0.00353
Exploits: 0 | References: 7
Positive Technologies
added 2026/01/09 12:0 a.m. | 8 views

PT-2026-1732

Name of the Vulnerable Software and Affected Versions WP Page Permalink Extension versions prior to 1.5.5 Description The WP Page Permalink Extension plugin for WordPress is susceptible to a missing authorization issue. This occurs because of a lack of authorization checks within the cwpp trigger...

CVSS 6.5 | AI score 6.1 | EPSS 0.00376
Exploits: 1 | References: 6
Patchstack
added 2026/01/08 10:49 p.m. | 5 views

WordPress Tutor LMS - eLearning and online course solution plugin <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Course Enrollment Bypass vulnerability

WordPress Tutor LMS - eLearning and online course solution plugin <= 3.9.3 - Missing Authorization to Authenticated Subscriber+ Course Enrollment Bypass vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Tutor LMS versions <= 3.9.3...

CVSS 4.3 | AI score 7 | EPSS 0.00202
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/01/08 10:36 p.m. | 7 views

WordPress Forminator Forms plugin <= 1.49.1 - Missing Authorization to Authenticated (Forminator User+) CSV Export vulnerability

Missing Authorization to Authenticated Forminator User+ CSV Export vulnerability discovered by type5afe in WordPress Plugin Forminator versions <= 1.49.1...

CVSS 5.3 | AI score 6.9 | EPSS 0.00262
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2026/01/08 9:1 p.m. | 8 views

GHSA-6JM8-X3G6-R33J Soft Serve is missing an authorization check in LFS lock deletion

LFS Lock Force-Delete Authorization Bypass Summary An authorization bypass in the LFS lock deletion endpoint allows any authenticated user with repository write access to delete locks owned by other users by setting the force flag. The vulnerable code path processes force deletions before...

CVSS 5.4 | AI score 7.1 | EPSS 0.00273
Exploits: 1 | References: 4
NVD
added 2026/01/08 5:15 p.m. | 4 views

CVE-2026-22522

Missing Authorization vulnerability in Munir Kamal Block Slider block-slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Block Slider: from n/a through <= 2.2.3...

CVSS 6.5 | EPSS 0.00269
Exploits: 0 | References: 1
NVD
added 2026/01/08 5:15 p.m. | 14 views

CVE-2026-22492

Missing Authorization vulnerability in Nawawi Jamili Docket Cache docket-cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Docket Cache: from n/a through <= 24.07.04...

CVSS 4.3 | EPSS 0.00256
Exploits: 0 | References: 1
NVD
added 2026/01/08 5:15 p.m. | 3 views

CVE-2026-22488

Missing Authorization vulnerability in IdeaBox Creations Dashboard Welcome for Beaver Builder dashboard-welcome-for-beaver-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dashboard Welcome for Beaver Builder: from n/a through <= 1.0.8...

CVSS 5.3 | EPSS 0.00176
Exploits: 0 | References: 1
NVD
added 2026/01/08 5:15 p.m. | 8 views

CVE-2026-22490

Missing Authorization vulnerability in niklaslindemann Bulk Landing Page Creator for WordPress LPagery lpagery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Landing Page Creator for WordPress LPagery: from n/a through <= 2.4.9...

CVSS 5.4 | EPSS 0.00173
Exploits: 0 | References: 1
NVD
added 2026/01/08 5:15 p.m. | 7 views

CVE-2026-22517

Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GA4WP: Google Analytics for WordPress: from n/a through <= 2.10.0...

CVSS 5.4 | EPSS 0.0017
Exploits: 0 | References: 1