Lucene search
K

186 matches found

ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-11818

The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possibl...

5.4CVSS5.9AI score0.00251EPSS
Exploits0References11
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-9235 DHL eCommerce (Benelux) for WooCommerce <= 2.2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shipping Label Creation and Deletion via dhlpwc_label_create and dhlpwc_label_delete AJAX Actions

The DHL eCommerce Benelux for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check and missing nonce verification on the createlabel and deletelabel functions in versions up to, and including, 2.2.3. These functions are wir...

4.3CVSS0.00196EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-42161

The Widget Logic Visual plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.52 via the widgetlogicvisualcheckvisibility function. This is due to missing capability check and nonce verification on the widget-logic-update-conditional-tags AJAX action...

8.8CVSS6.3AI score0.00516EPSS
Exploits0References4
CVE
CVE
added 5 days ago22 views

CVE-2026-14158

The Widget Logic Visual plugin for WordPress is affected by a Remote Code Execution vulnerability in all versions up to 1.52. The issue arises in the widget_logic_visual_check_visibility flow and the widget-logic-update-conditional-tags AJAX action due to missing capability check and nonce verifi...

8.8CVSS6.3AI score0.00516EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:33 a.m.6 views

CVE-2026-12094

The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the cf7cdbajaxdeleteuser function in versions up to, and including, 1.0.0. The handler is registered against both wpajaxcf7cdbdelete and...

5.3CVSS6AI score0.00295EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51675

Name of the Vulnerable Software and Affected Versions SignUp & SignIn plugin for WordPress versions prior to 1.0.1 Description The SignUp & SignIn plugin for WordPress contains an authentication bypass that allows unauthenticated attackers to take over any account, including administrator account...

9.8CVSS5.9AI score0.00454EPSS
Exploits1References15
NVD
NVD
added 2026/06/23 7:16 a.m.12 views

CVE-2026-8379

The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing unauthenticated attackers to download files uploaded by any user through the Frontend File Manager Plugin WordPress plugin through 23.6 by iterating...

7.5CVSS0.0024EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 6:0 a.m.7 views

CVE-2026-8379

The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing unauthenticated attackers to download files uploaded by any user through the Frontend File Manager Plugin WordPress plugin through 23.6 by iterating...

5.9AI score0.0024EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.16 views

PT-2026-51479

Name of the Vulnerable Software and Affected Versions Frontend File Manager Plugin versions prior to 23.7 Description An issue exists where the file download handler does not properly enforce its nonce check. A nonce number used once is a security token used to prevent cross-site request forgery...

7.5CVSS5.7AI score0.0024EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2025-15611

The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the addoreditpopupbox function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can create ...

5.4CVSS5.6AI score0.00136EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 6:31 p.m.7 views

CVE-2026-5415

The WP Captcha PRO the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.38. This is due to the ajaxruntool AJAX handler relying solely on a nonce check...

8.8CVSS5.7AI score0.00393EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/04 1:26 a.m.8 views

CVE-2026-10737

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

7.5CVSS5.9AI score0.003EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/29 2:27 a.m.16 views

CVE-2026-8995

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 6.3.7. This is due to insufficient access controls on the 'ayspollgetuserinformation' AJAX action, which serializes and returns the...

4.3CVSS5.8AI score0.00283EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/05/27 4:28 a.m.12 views

CVE-2026-9236 CM Ad Changer <= 2.0.7 - Cross-Site Request Forgery to Campaign Deletion via Campaign Management

The CM Ad Changer – A simple tool to control and optimize your site's banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the cmaccampaignsaction function. This makes it...

4.3CVSS5.9AI score0.00128EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.11 views

Roadiz Document base system 数据伪造问题漏洞

The Roadiz Document Base System is an open-source HTML template rendering system based on documents developed by Roadiz. Versions prior to 2.3.43, 2.5.45, 2.6.31, and 2.7.18 of the Roadiz Document Base System had data manipulation vulnerabilities. These vulnerabilities stemmed from the use of OID...

7.1CVSS5.7AI score0.00152EPSS
Exploits0References2
NVD
NVD
added 2026/05/07 2:16 a.m.8 views

CVE-2026-6222

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the processRequest method in ForminatorAdminModuleEditPage admin/abstracts/class-admin-module-edit-page.php dispatching sensitive module-management actions —...

5.3CVSS0.00425EPSS
Exploits0References8
OSV
OSV
added 2026/04/24 3:16 p.m.7 views

DEBIAN-CVE-2026-31631

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix buffer overread in rxgkdoverifyauthenticator Fix rxgkdoverifyauthenticator to check the buffer size before checking the nonce...

8.2CVSS5.5AI score0.00385EPSS
Exploits0References1
NVD
NVD
added 2026/04/24 3:16 p.m.5 views

CVE-2026-31631

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix buffer overread in rxgkdoverifyauthenticator Fix rxgkdoverifyauthenticator to check the buffer size before checking the nonce...

8.2CVSS0.00385EPSS
Exploits0References3
CVE
CVE
added 2026/04/24 2:44 p.m.17 views

CVE-2026-31631

The CVE-2026-31631 issue concerns the Linux kernel’s rxrpc path, specifically a buffer overread in rxgk_do_verify_authenticator(). The vulnerability arises because the function checks the nonce before validating the buffer size, potentially reading beyond the allocated memory. A fix has been appl...

8.2CVSS5.6AI score0.00385EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/24 2:44 p.m.5 views

EUVD-2026-25524

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix buffer overread in rxgkdoverifyauthenticator Fix rxgkdoverifyauthenticator to check the buffer size before checking the nonce...

5.6AI score0.00385EPSS
Exploits0References3
Rows per page
Query Builder