16 matches found

RedhatCVE
added 2026/06/05 7:28 p.m. · 10 views

CVE-2026-4301

The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsrreview AJAX handler lacks both capability checks and nonce verification. The only access control is an is_user_logged_in check...

CVSS 4.3 · AI score 5.5 · EPSS 0.00271
Exploits 0 · References 1
CNNVD
added 2026/05/31 12:0 a.m. · 10 views

WordPress plugin Advanced Custom Fields security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 5.3 · AI score 5.9 · EPSS 0.00402
Exploits 0 · References 4
RedhatCVE
added 2026/03/26 3:12 p.m. · 4 views

CVE-2026-3651

The Build App Online plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.23. This is due to the plugin registering the 'build-app-online-update-vendor-product' AJAX action via wp_ajax_nopriv without proper authentication checks, capability verificatio...

CVSS 5.3 · AI score 5.9 · EPSS 0.00305
Exploits 0 · References 1
Vulnrichment
added 2026/03/21 3:26 a.m. · 2 views

CVE-2026-3651 Build App Online <= 1.0.23 - Missing Authorization to Arbitrary Post Author Modification via 'build-app-online-update-vendor-product' AJAX Action

The Build App Online plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.23. This is due to the plugin registering the 'build-app-online-update-vendor-product' AJAX action via wp_ajax_nopriv without proper authentication checks, capability verificatio...

CVSS 5.3 · AI score 5.9 · EPSS 0.00305
Exploits 0 · References 7
CNNVD
added 2026/02/18 12:0 a.m. · 10 views

WordPress plugin Blog2Social: Social Media Auto Post & Scheduler security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 6.5 · AI score 5.9 · EPSS 0.00336
Exploits 0 · References 4
RedhatCVE
added 2025/11/19 7:26 a.m. · 6 views

CVE-2025-12524

The Post Type Switcher plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.0.0 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to modify the post type...

CVSS 5.4 · AI score 5.7 · EPSS 0.0025
Exploits 0 · References 1
CNNVD
added 2025/10/15 12:0 a.m. · 5 views

WordPress plugin Quick Featured Images security vulnerability

WordPress Quick Featured Images plugin is a plugin for bulk editing and replacing featured images in WordPress. WordPress Quick Featured Images plugin suffers from an insecure direct object reference vulnerability that stems from the lack of validation of user control keys in the qfisetthumbnail...

CVSS 4.3 · AI score 6.8 · EPSS 0.0022
Exploits 0 · References 4
RedhatCVE
added 2025/05/23 9:19 a.m. · 3 views

CVE-2024-5858

The AI Infographic Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the qcldopenaititlegeneratedesc AJAX action in all versions up to, and including, 4.7.4. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 4.3 · AI score 5.3 · EPSS 0.00323
Exploits 0 · References 1
NVD
added 2024/05/23 7:15 a.m. · 24 views

CVE-2024-2038

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible fo...

CVSS 7.5 · AI score 7.6 · EPSS 0.00494
Exploits 0 · References 3
Vulnrichment
added 2024/05/23 6:46 a.m. · 13 views

CVE-2024-2038 Visual Website Collaboration, Feedback & Project Management – Atarim <= 3.22.6 - Hardcoded Credentials

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible fo...

CVSS 7.5 · AI score 7.5 · EPSS 0.00494
Exploits 0 · References 3
Cvelist
added 2024/05/23 6:46 a.m. · 22 views

CVE-2024-2038 Visual Website Collaboration, Feedback & Project Management – Atarim <= 3.22.6 - Hardcoded Credentials

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible fo...

CVSS 7.5 · AI score 7.6 · EPSS 0.00494
Exploits 0 · References 3
Positive Technologies
added 2024/05/23 12:0 a.m. · 8 views

PT-2024-18654 · WordPress · Atarim

Name of the Vulnerable Software and Affected Versions: The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress versions up to, and including, 3.22.6 Description: The issue is due to the use of hardcoded credentials to authenticate all incoming API requests...

CVSS 7.5 · AI score 6.9 · EPSS 0.00494
Exploits 0 · References 5
Positive Technologies
added 2024/02/05 12:0 a.m. · 5 views

PT-2024-15505 · WordPress · Views For Wpforms

Name of the Vulnerable Software and Affected Versions: The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress versions up to, and including, 3.2.2 Description: The issue is related to a missing capability check on the save view function, allowing...

CVSS 4.3 · AI score 5.2 · EPSS 0.00428
Exploits 0 · References 7
Prion
added 2022/12/14 10:15 p.m. · 19 views

Cross site scripting

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including 2.2.20.3 due to improper output escaping on post/page/media titles. This makes it possible for attackers to inject arbitrary web scripts on the permalink-manager page if...

CVSS 4.9 · AI score 5 · EPSS 0.00555
Exploits 0 · References 2 · Affected Software 1
Exploit DB
added 2005/06/21 12:0 a.m. · 64 views

Simple Machines Forum (SMF) 1.0.4 - 'modify' SQL Injection

!/usr/bin/perl -w SMF Modify SQL Injection // All Versions // By James http://www.gulftech.org Simple proof of concept for the modify post SQL Injection issue I discovered in Simple Machine Forums. Supply this script with your username password and the complete url to a post you made, and have...

AI score 7
Exploits 0
exploitpack
added 2005/06/21 12:0 a.m. · 16 views

Simple Machines Forum (SMF) 1.0.4 - modify SQL Injection

Simple Machines Forum SMF 1.0.4 - modify SQL Injection !/usr/bin/perl -w SMF Modify SQL Injection // All Versions // By James http://www.gulftech.org Simple proof of concept for the modify post SQL Injection issue I discovered in Simple Machine Forums. Supply this script with your username passwo...

AI score 1
Exploits 0