Lucene search
+L

10 matches found

cvelist
cvelist
added 2026/07/02 6:0 a.m.40 views

CVE-2026-11781 Adminify < 4.2.10 - Contributor+ Sensitive Information Disclosure via Global Search AJAX

The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with a low-privilege role Contributor to disclose non-public content that WordPress would not otherwise expose to them,...

0.00189EPSS
Exploits0References1
cve
cve
added 2026/07/02 6:0 a.m.18 views

CVE-2026-11781

The CVE-2026-11781 entry affects the Adminify WordPress plugin prior to version 4.2.10. The vulnerability arises because the plugin does not perform per-user read-capability checks on results returned by an administration search feature. As a result, users with a low-privilege role (Contributor) ...

2.7CVSS5.7AI score0.00189EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/02/19 7:28 a.m.7 views

CVE-2026-2112

The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce verification on the pending comment deletion action in the cleanup page. This makes it possible for unauthenticated attackers to delete all pendi...

4.3CVSS5.5AI score0.00165EPSS
Exploits0References1
nvd
nvd
added 2026/02/18 8:16 a.m.6 views

CVE-2026-2112

The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce verification on the pending comment deletion action in the cleanup page. This makes it possible for unauthenticated attackers to delete all pendi...

4.3CVSS0.00165EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/02/18 7:25 a.m.3 views

CVE-2026-2112 Dam Spam <= 1.0.8 - Cross-Site Request Forgery to Arbitrary Pending Comment Deletion

The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce verification on the pending comment deletion action in the cleanup page. This makes it possible for unauthenticated attackers to delete all pendi...

4.3CVSS5.5AI score0.00165EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/02/18 7:25 a.m.5 views

CVE-2026-2112

The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce verification on the pending comment deletion action in the cleanup page. This makes it possible for unauthenticated attackers to delete all pendi...

4.3CVSS5.5AI score0.00165EPSS
Exploits0References6
cve
cve
added 2026/02/18 7:25 a.m.15 views

CVE-2026-2112

CVE-2026-2112 (Dam Spam WordPress plugin) : The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 1.0.8 due to missing nonce verification on the pending comment deletion action in the cleanup page. This allows unauthenticated attackers to delete all p...

4.3CVSS5.5AI score0.00165EPSS
Exploits0References5
patchstack
patchstack
added 2026/02/18 12:31 a.m.50 views

WordPress Dam Spam plugin <= 1.0.8 - Cross-Site Request Forgery to Arbitrary Pending Comment Deletion vulnerability

Cross-Site Request Forgery to Arbitrary Pending Comment Deletion vulnerability discovered by Duong Quang Hao in WordPress Plugin Dam Spam versions = 1.0.8...

4.3CVSS5.5AI score0.00165EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2026/02/18 12:0 a.m.13 views

PT-2026-20298

The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce verification on the pending comment deletion action in the cleanup page. This makes it possible for unauthenticated attackers to delete all pendi...

4.3CVSS5.5AI score0.00165EPSS
Exploits0References6
redhatcve
redhatcve
added 2025/06/08 7:19 a.m.16 views

CVE-2025-2935

The Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.7. This is due to missing or incorrect nonce validation in the 'ssoptionmaint.php' and 'ssuserfilterlist' files. This make...

5.4CVSS5AI score0.00166EPSS
Exploits0References1
Rows per page
Query Builder