Lucene search
+L

5 matches found

CVE
CVE
added 2026/02/25 8:25 a.m.18 views

CVE-2026-1916

The CVE concerns the WPGSI: Spreadsheet Integration WordPress plugin (up to version 3.8.3). The vulnerability arises from missing authorization on two REST API functions (wpgsi_callBackFuncAccept and wpgsi_callBackFuncUpdate), where permission_callback => '__return_true' allows unauthenticated...

7.5CVSS5.7AI score0.00357EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-11695

Malware in sbrugna...

6.5CVSS6.4AI score0.00798EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/05/23 1:49 a.m.8 views

CVE-2023-2173

The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeosdeletestepajaxhandler, badgeosdeleteawardstepajaxhandler, badgeosdeletedeductstepajaxhandler,...

6.5CVSS6.7AI score0.00519EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:24 p.m.9 views

CVE-2021-24989

The Accept Donations with PayPal WordPress plugin before 1.3.4 does not have CSRF check in place and does not ensure that the post to be deleted belongs to the plugin, allowing attackers to make a logged in admin delete arbitrary posts from the blog...

6.5CVSS6.8AI score0.00538EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:24 p.m.6 views

CVE-2021-24281

In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the deleteactionpost AJAX action to delete any post on a target site...

4.3CVSS6.6AI score0.00663EPSS
Exploits2References1
Rows per page
Query Builder