Lucene search
K

347 matches found

Nuclei
Nuclei
added yesterday11 views

ListingPro < 2.6.1 - Arbitrary Plugin Installation/Activation/Deactivation

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lpccaddonsactions function. This makes it possible for unauthenticated attacker...

9.8CVSS7.1AI score0.04304EPSS
Exploits1References2
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42172

The WP Learn Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.8. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to install and activat...

9.8CVSS6AI score0.00364EPSS
Exploits0References5
CVE
CVE
added 6 days ago15 views

CVE-2026-12153

CVE-2026-12153 affects the WordPress WP Learn Manager plugin up to version 1.1.8. The vulnerability is an authorization bypass in the jslearnmanager_ajax AJAX action, allowing unauthenticated attackers to install and activate arbitrary plugins from the WordPress.org repository on affected sites. ...

9.8CVSS6AI score0.00364EPSS
Exploits0References5
NVD
NVD
added 2026/06/27 8:16 a.m.11 views

CVE-2026-12471

The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activateplugin function in all versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate a limited set o...

4.3CVSS0.00196EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/27 6:50 a.m.9 views

EUVD-2026-39954

The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activateplugin function in all versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate a limited set o...

4.3CVSS5.8AI score0.00196EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/27 6:50 a.m.9 views

CVE-2026-12471

The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activateplugin function in all versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate a limited set o...

4.3CVSS5.8AI score0.00196EPSS
Exploits0References5
CVE
CVE
added 2026/06/27 6:50 a.m.14 views

CVE-2026-12471

The CVE concerns the Spexo WordPress theme. A missing capability check in the activate_plugin function affects all versions up to and including 2.0.11, allowing authenticated attackers with Subscriber-level access and above to activate a limited set of plugins. The information from connected docu...

4.3CVSS5.8AI score0.00196EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/27 6:50 a.m.37 views

CVE-2026-12471 Spexo <= 2.0.11 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation

The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activateplugin function in all versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate a limited set o...

4.3CVSS0.00196EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/17 9:50 a.m.27 views

CVE-2024-52488 WordPress Grip theme <= 1.0.9 - Arbitrary Plugin Activation/Deactivation to RCE vulnerability

Subscriber Arbitrary File Upload in Grip = 1.0.9 versions...

9.9CVSS0.00471EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/15 5:6 a.m.178 views

Exploit for CVE-2026-10795

CVE Lab: CVE-2026-10795 - UpdraftPlus UpdraftCentral RPC Authe...

8.1CVSS6.6AI score0.03578EPSS
Exploits3
Patchstack
Patchstack
added 2026/06/11 12:33 p.m.11 views

WordPress Restaurant Cafeteria theme <= 0.4.6 - Subscriber+ Arbitrary Plugin Installation/Activation vulnerability

Subscriber+ Arbitrary Plugin Installation/Activation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Theme Restaurant Cafeteria versions = 0.4.6...

5.4CVSS5.4AI score0.0022EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.10 views

CVE-2026-5464

The ExactMetrics – Google Analytics Dashboard for WordPress Website Stats Plugin plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation in all versions up to, and including, 9.1.2. This is due to the reports page exposing the 'onboardingkey' transient to a...

7.2CVSS5.6AI score0.00695EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.14 views

CVE-2026-4326

The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. This is due to improper authorization enforcement in the activaterequiredplugins function. Specifically, the currentusercan'installplugins' capability check does...

8.8CVSS5.9AI score0.00578EPSS
Exploits0References1
CVE
CVE
added 2026/05/22 4:29 a.m.24 views

CVE-2026-2518

The CVE-2026-2518 entry concerns the WordPress FastX theme. The vulnerability is due to missing capability checks in two callbacks, ultp_install_callback and ultp_activate_callback, affecting all versions up to and including 1.0.2. This allows authenticated attackers with Subscriber-level access ...

4.3CVSS5.8AI score0.0023EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.17 views

PT-2026-42722

Name of the Vulnerable Software and Affected Versions FastX theme for WordPress versions prior to 1.0.3 Description The FastX theme for WordPress allows authenticated attackers with Subscriber-level access or higher to install and activate the PostX plugin. This is caused by missing capability...

4.3CVSS5.8AI score0.0023EPSS
Exploits0References9
Patchstack
Patchstack
added 2026/05/21 3:59 p.m.11 views

WordPress FastX theme <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation and Activation vulnerability

Missing Authorization to Authenticated Subscriber+ Limited Plugin Installation and Activation vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Theme FastX versions = 1.0.2...

4.3CVSS5.8AI score0.0023EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/23 8:28 a.m.7 views

CVE-2026-5464

The ExactMetrics – Google Analytics Dashboard for WordPress Website Stats Plugin plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation in all versions up to, and including, 9.1.2. This is due to the reports page exposing the 'onboardingkey' transient to a...

7.2CVSS5.8AI score0.00695EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/23 8:28 a.m.5 views

CVE-2026-5464 ExactMetrics <= 9.1.2 - Authenticated (Editor+) Arbitrary Plugin Installation/Activation via exactmetrics_connect_process

The ExactMetrics – Google Analytics Dashboard for WordPress Website Stats Plugin plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation in all versions up to, and including, 9.1.2. This is due to the reports page exposing the 'onboardingkey' transient to a...

7.2CVSS5.8AI score0.00695EPSS
Exploits0References5
CVE
CVE
added 2026/04/23 8:28 a.m.81 views

CVE-2026-5464

The CVE concerns the WordPress plugin ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats) up to version 9.1.2. The root cause is exposure of the onboarding_key transient on the reports page to users with the exactmetrics_view_dashboard capability, which gates the /wp-json/exac...

7.2CVSS5.8AI score0.00695EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/04/23 3:25 a.m.7 views

WordPress ExactMetrics plugin <= 9.1.2 - Authenticated (Editor+) Arbitrary Plugin Installation/Activation via exactmetrics_connect_process vulnerability

Authenticated Editor+ Arbitrary Plugin Installation/Activation via exactmetricsconnectprocess vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin ExactMetrics versions = 9.1.2...

7.2CVSS5.8AI score0.00695EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder