Lucene search
K

5 matches found

CVE
CVE
added 3 days ago11 views

CVE-2026-1832

CVE-2026-1832 affects ThriveDesk for WordPress (plugin up to version 2.1.7). The vulnerability is due to a missing capability check on the AJAX action thrivedesk_clear_cache , enabling authenticated attackers with Subscriber level access and above to delete the plugin cache. The report cites impa...

4.3CVSS6.1AI score0.00204EPSS
Exploits0References6
CVE
CVE
added 2026/04/15 10:26 p.m.19 views

CVE-2026-4949

The connected Patchstack entry documents a concrete vulnerability in WordPress ProfilePress plugin, versions

4.3CVSS5.9AI score0.00316EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/04/07 5:8 p.m.2 views

CVE-2026-22680 OpenViking < 0.3.3 Missing Authorization via Task Polling

OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate or retrieve background task metadata created by other users. Attackers can access the /api/v1/tasks and /api/v1/tasks/taskid routes withou...

6.9CVSS5.9AI score0.00384EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/20 8:25 a.m.23 views

CVE-2026-3550 RockPress <= 1.0.17 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via AJAX Actions

The RockPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.17. This is due to missing capability checks on multiple AJAX actions rockpressimport, rockpressimportstatus, rockpresslastimport, rockpressresetimport, and rockpresscheckservices...

5.3CVSS0.00402EPSS
Exploits0References16
EUVD
EUVD
added 2026/03/13 9:31 p.m.3 views

EUVD-2026-11939

Missing Authorization vulnerability in wppochipp Pochipp pochipp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pochipp: from n/a through 1.18.9...

5.4CVSS5.8AI score0.00172EPSS
Exploits0References2
Rows per page
Query Builder