Lucene search
K

21436 matches found

GithubExploit
GithubExploit
added 2026/01/07 7:29 p.m.243 views

Exploit for CVE-2026-0628

CVE-2026-0628-POC Prueba de concepto PoC para CVE-2026-0628,...

8.8CVSS6.8AI score0.06545EPSS
Exploits2
NVD
NVD
added 2026/01/07 1:15 p.m.4 views

CVE-2025-46434

Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro thepluselementoraddon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a through 6.3.7...

6.5CVSS0.00174EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/07 12:35 p.m.24 views

CVE-2025-46434 WordPress The Plus Addons for Elementor Pro plugin < 6.3.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro thepluselementoraddon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a through 6.3.7...

6.5CVSS0.00174EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/07 12:35 p.m.2 views

CVE-2025-46434 WordPress The Plus Addons for Elementor Pro plugin < 6.3.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro thepluselementoraddon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a through 6.3.7...

6.5CVSS5.1AI score0.00174EPSS
Exploits0References1
CVE
CVE
added 2026/01/07 12:35 p.m.16 views

CVE-2025-46434

CVE-2025-46434 corresponds to a Missing Authorization / Broken Access Control vulnerability in the WordPress plugin "The Plus Addons for Elementor Pro" (prior to v6.3.7). The issue arises from incorrectly configured access control levels, enabling unauthorized access to actions or data that shoul...

6.5CVSS5.7AI score0.00174EPSS
Exploits0References1
NVD
NVD
added 2026/01/07 12:17 p.m.2 views

CVE-2025-69344

Missing Authorization vulnerability in themehunk Oneline Lite oneline-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Oneline Lite: from n/a through = 6.6...

4.3CVSS0.00152EPSS
Exploits0References1
NVD
NVD
added 2026/01/07 12:17 p.m.3 views

CVE-2025-69333

Missing Authorization vulnerability in Crocoblock JetEngine jet-engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through = 3.8.1.1...

4.3CVSS0.00162EPSS
Exploits0References1
NVD
NVD
added 2026/01/07 12:16 p.m.2 views

CVE-2025-14370

The Quote Comments plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.0. This is due to missing authorization checks in the quotecommentsaddadmin function. This makes it possible for authenticated attackers, with Subscriber-level access and above...

4.3CVSS0.00158EPSS
Exploits0References2
NVD
NVD
added 2026/01/07 12:16 p.m.4 views

CVE-2025-13722

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.7. This is due to missing capability checks on the fluentformaicreateform AJAX action. This makes it...

5.3CVSS0.00183EPSS
Exploits0References2
CVE
CVE
added 2026/01/07 11:52 a.m.33 views

CVE-2025-69333

CVE-2025-69333 describes a Missing Authorization vulnerability in Crocoblock JetEngine (JetEngine) that allows exploitation of incorrectly configured Access Control security levels. Affected product: JetEngine; version range indicated as up to 3.8.1.1. The connected Red Hat advisory and the initi...

4.3CVSS5.9AI score0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/07 11:52 a.m.23 views

CVE-2025-69333 WordPress JetEngine plugin <= 3.8.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Crocoblock JetEngine jet-engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through = 3.8.1.1...

4.3CVSS0.00162EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/07 11:52 a.m.2 views

CVE-2025-69333 WordPress JetEngine plugin <= 3.8.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Crocoblock JetEngine jet-engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through = 3.8.1.1...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/07 11:51 a.m.3 views

CVE-2025-69344 WordPress Oneline Lite theme <= 6.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in themehunk Oneline Lite oneline-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Oneline Lite: from n/a through = 6.6...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/07 11:51 a.m.26 views

CVE-2025-69344 WordPress Oneline Lite theme <= 6.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in themehunk Oneline Lite oneline-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Oneline Lite: from n/a through = 6.6...

4.3CVSS0.00152EPSS
Exploits0References1
CVE
CVE
added 2026/01/07 9:21 a.m.21 views

CVE-2025-13722

CVE-2025-13722 affects Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder for WordPress. Wordfence reports Missing Authorization in the fluentform_ai_create_form AJAX action, allowing authenticated attackers with Subscriber+ privileges to create arbitrary forms...

5.3CVSS5.3AI score0.00183EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/07 9:21 a.m.3 views

CVE-2025-13722 Fluent Forms <= 6.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Creation via AI Builder

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.7. This is due to missing capability checks on the fluentformaicreateform AJAX action. This makes it...

5.3CVSS5.3AI score0.00183EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/07 9:21 a.m.25 views

CVE-2025-14460 Piraeus Bank WooCommerce Payment Gateway <= 3.1.4 - Missing Authorization to Unauthenticated Arbitrary Order Status Change

The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to unauthorized order status modification in all versions up to, and including, 3.1.4. This is due to missing authorization checks on the payment callback endpoint handler when processing the 'fail' callback from the...

5.3CVSS0.0036EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/07 9:21 a.m.22 views

CVE-2025-14070 Reviewify <= 1.0.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary WooCommerce Coupon Creation

The Reviewify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sendtestemail' AJAX action in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

7.5CVSS0.0039EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/07 9:19 a.m.4 views

CVE-2025-14441

The Popupkit plugin for WordPress is vulnerable to arbitrary subscriber data deletion due to missing authorization on the DELETE /subscribers REST API endpoint in all versions up to, and including, 2.2.0. This is due to the permissioncallback only validating wprest nonce without checking user...

5.3CVSS5.8AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:18 a.m.7 views

CVE-2025-1249

Missing Authorization vulnerability in Marcus aka @msykes Events Manager events-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Events Manager: from n/a through = 6.6.4.1...

5.3CVSS7.2AI score0.00323EPSS
Exploits0References1
Rows per page
Query Builder