19 matches found

NVD
added 2026/06/06 12:16 a.m., 11 views

CVE-2026-8976

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action...

CVSS 4.3, EPSS 0.0029
Exploits: 0, References: 22

ATTACKERKB
added 2026/06/05 11:28 p.m., 13 views

CVE-2026-8976

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action...

CVSS 4.3, AI score 5.6, EPSS 0.0029
Exploits: 0, References: 23

EUVD
added 2026/05/05 6:31 a.m., 40 views

EUVD-2026-27185

The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. This is due to insufficient input sanitization and output escaping, combined with a...

CVSS 7.2, AI score 6, EPSS 0.00359
Exploits: 0, References: 7

NVD
added 2026/05/05 4:16 a.m., 48 views

CVE-2026-4803

The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. This is due to insufficient input sanitization and output escaping, combined with a...

CVSS 7.2, EPSS 0.00359
Exploits: 0, References: 6

RedhatCVE
added 2026/01/09 11:10 a.m., 8 views

CVE-2016-10996

The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak...

CVSS 5.3, AI score 7.1, EPSS 0.01092
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2016-1987

Malware in sbrugna...

CVSS 5.3, AI score 5.6, EPSS 0.01092
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2020-24142

Malware in sbrugna...

CVSS 8.8, AI score 8.6, EPSS 0.01186
Exploits: 1, References: 5

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2024-50538

Malicious code in bioql PyPI...

CVSS 4.3, AI score 8.9, EPSS 0.00367
Exploits: 0, References: 3

RedhatCVE
added 2025/05/22 10:13 p.m., 7 views

CVE-2022-1777

The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload...

CVSS 8.8, AI score 6.5, EPSS 0.01263
Exploits: 2, References: 1

RedHat Linux
added 2024/04/25 1:28 a.m., 2 views

gnutls: vulnerable to Minerva side-channel information leak

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce...

CVSS 5.3, AI score 6.7, EPSS 0.00718
Exploits: 0, References: 6

WPVulnDB
added 2023/11/23 12:0 a.m., 12 views

WP Like Button <= 1.7.0 - Missing Authorization via crublabFBLBAjax

Description The WP Like Button plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the crublabFBLBAjax function in versions up to, and including, 1.7.0. This makes it possible for authenticated attackers, with subscriber-level access and...

AI score 6.1, EPSS 0.00322
Exploits: 0, References: 1

Vulnrichment
added 2023/06/07 1:51 a.m., 14 views

CVE-2020-36700 Page Builder: KingComposer < 2.9.4 - Authorization Bypass due to Improper Access Control

The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the '/wp-admin/index.php' page. This makes it possible for authenticated attackers to change arbitrary WordPress...

CVSS 8.8, AI score 7.4, EPSS 0.01186
Exploits: 1, References: 4

OSV
added 2022/03/18 6:15 p.m., 3 views

CVE-2022-25602

Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin versions = 4.1.7...

CVSS 8.8, AI score 5.9, EPSS 0.01262
Exploits: 0, References: 2

WPVulnDB
added 2020/07/06 12:0 a.m., 12 views

Security & Malware scan by CleanTalk < 2.51 - Security Nonce Leak leading to Unauthorised AJAX call

Security nonce leak, allowing any authenticated users such as subscribers to make unauthorised AJAX call which could lead to arbitrary file deletion/download and function call. Note WPScanTeam: We do not consider the issue fully remediated, as the AJAX calls rely on CSRF check for authorisation,...

AI score 2.9
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2019/09/20 3:15 p.m., 4 views

CVE-2016-10996

The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak...

CVSS 5.3, AI score 5.8, EPSS 0.01092
Exploits: 0, References: 2

NVD
added 2019/09/20 3:15 p.m., 19 views

CVE-2016-10996

The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak...

CVSS 5.3, AI score 5.4, EPSS 0.01092
Exploits: 0, References: 2

Prion
added 2019/09/20 3:15 p.m., 13 views

Design/Logic Flaw

The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak...

CVSS 5, AI score 7.2, EPSS 0.01092
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2019/09/20 2:7 p.m., 48 views

CVE-2016-10996

The CVE-2016-10996 vulnerability affects the WordPress OptinMonster plugin prior to version 1.1.4.6. The root cause is incorrect access control for shortcode execution caused by a nonce leak, allowing an attacker to exploit shortcode handling. Several sources confirm the issue and reference the s...

CVSS 5.3, AI score 5.4, EPSS 0.01092
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2019/09/20 2:7 p.m., 24 views

CVE-2016-10996

The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak...

AI score 5.5, EPSS 0.01092
Exploits: 0, References: 2