Lucene search
K

86 matches found

CVE
CVE
added yesterday7 views

CVE-2026-7620

CVE-2026-7620 affects the WordPress plugin Notification for Telegram (versions up to 3.5.1). The issue is an authorization bypass that allows authenticated attackers with subscriber-level access and above to create, modify, or reschedule the nftb_cron_hook WordPress cron event, enabling unauthori...

4.3CVSS6AI score0.0025EPSS
Exploits0References11
CVE
CVE
added 2026/04/16 5:29 a.m.13 views

CVE-2026-3551

The CVE-2026-3551 issue affects the WordPress plugin Custom New User Notification (versions up to 1.2.0). It is a Stored XSS due to insufficient input sanitization and output escaping in multiple admin settings fields (e.g., User Mail Subject, User From Name/Email, Admin Mail Subject, Admin From ...

4.4CVSS5.9AI score0.00361EPSS
Exploits0References17
NVD
NVD
added 2026/04/01 6:16 a.m.7 views

CVE-2025-15484

The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write access to store resources like products, coupons, and customers...

9.1CVSS0.00237EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/01 6:0 a.m.5 views

CVE-2025-15484 Order Notification for WooCommerce < 3.6.3 - Unauthenticated WooCommerce REST Permission Bypass

The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write access to store resources like products, coupons, and customers...

5.9AI score0.00237EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/01 6:0 a.m.34 views

CVE-2025-15484 Order Notification for WooCommerce < 3.6.3 - Unauthenticated WooCommerce REST Permission Bypass

The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write access to store resources like products, coupons, and customers...

0.00237EPSS
Exploits0References1
CVE
CVE
added 2026/04/01 6:0 a.m.21 views

CVE-2025-15484

The CVE-2025-15484 entry concerns the WordPress plugin Order Notification for WooCommerce. Multiple sources confirm that versions prior to 3.6.3 bypass WooCommerce permission checks, allowing unauthenticated requests to perform full read/write operations on store resources (e.g., products, coupon...

9.1CVSS5.9AI score0.00237EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/27 1:33 a.m.8 views

CVE-2025-62915 WordPress SMS Contact Form 7 Notifications by ClickSend plugin <= 1.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in clicksend SMS Contact Form 7 Notifications by ClickSend clicksend-contactform7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SMS Contact Form 7 Notifications by ClickSend: from n/a through = 1.4.0...

4.3CVSS0.00225EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2012-4846

Malware in sbrugna...

6.8CVSS6.4AI score0.00962EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-11770

Malware in sbrugna...

7.2CVSS7AI score0.01316EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-5671

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.00896EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-1886

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.0146EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-2647

Malicious code in bioql PyPI...

7.1CVSS6.9AI score0.01133EPSS
Exploits0References6
CVE
CVE
added 2025/06/27 11:52 a.m.21 views

CVE-2025-39478

CVE-2025-39478 affects WordPress Smart Notification Plugin (Smart Notification) versions ≤ 10.3. It is a Reflected Cross-Site Scripting (XSS) vulnerability. All connected sources (NVD, Red Hat, CNNVD, Patchstack, CVE records) indicate the issue exists and that a fix is not yet provided in the pub...

7.1CVSS5.2AI score0.00215EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/27 11:52 a.m.6 views

CVE-2025-39478 WordPress Smart Notification Plugin <= 10.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in smartiolabs Smart Notification allows Reflected XSS. This issue affects Smart Notification: from n/a through 10.3...

7.1CVSS6.5AI score0.00215EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:4 p.m.8 views

CVE-2022-34205

A cross-site request forgery CSRF vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL...

6.5CVSS6.7AI score0.00468EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:20 p.m.9 views

CVE-2020-2297

Jenkins SMS Notification Plugin 1.2 and earlier stores an access token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

3.3CVSS6.7AI score0.00335EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 6:50 a.m.11 views

CVE-2019-10459

Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...

6.5CVSS6.5AI score0.00927EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:12 a.m.23 views

CVE-2019-1003044

A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

7.1CVSS6.5AI score0.01133EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/17 9:2 p.m.9 views

CVE-2024-6159

The Push Notification for Post and BuddyPress WordPress plugin before 1.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

9.8CVSS7.3AI score0.02491EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/16 12:0 a.m.4 views

WordPress plugin Push notification for Mobile and Web app 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

6.5CVSS6.9AI score0.00214EPSS
Exploits0References3
Rows per page
Query Builder