7 matches found

NVD
added 8 hours ago, 3 views

CVE-2026-10750

The Royal MCP WordPress plugin before 1.4.26 does not perform capability checks on the majority of its MCP tools after token authentication, allowing authenticated users with a low-privileged role such as Subscriber to read private content, enumerate all users and their roles, and create, modify,...

CVSS 8.1
Exploits: 0, References: 1

CVE
added 9 hours ago, 7 views

CVE-2026-10750

CVE-2026-10750 concerns the Royal MCP WordPress plugin prior to 1.4.26. The issue arises because the plugin does not perform capability checks on most MCP tools after token authentication, enabling authenticated, low-privilege users (e.g., Subscriber) to read private content, enumerate users and ...

CVSS 8.1, AI score 5.8
Exploits: 0, References: 1

Vulnrichment
added 2026/01/24 7:26 a.m., 3 views

CVE-2026-1103 AIKTP <= 5.0.04 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions

The AIKTP plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the /aiktp/getToken REST API endpoint in all versions up to, and including, 5.0.04. The endpoint uses the 'verifyuserloggedin' as a permission callback, which only checks if a...

CVSS 5.4, AI score 5.9, EPSS 0.00239
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-11573

Malware in sbrugna...

CVSS 4.3, AI score 4.9, EPSS 0.00739
Exploits: 1, References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2017-1000483

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method...

CVSS 6.5, AI score 6.6, EPSS 0.00923
Exploits: 0, References: 2

Tenable Nessus
added 2024/06/03 12:0 a.m., 22 views

RHEL 5 : conga (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - plone: private content access in through-the-web templates CVE-2017-1000483 - plone: Open URL redirect...

CVSS 6.1, AI score 6.9, EPSS 0.0258
Exploits: 8, References: 14

CNVD
added 2018/01/05 12:0 a.m., 0 views

Plone Information Disclosure Vulnerability (CNVD-2018-02150)

Plone is the U.S. Plone Foundation's free and open source content management system (CMS) built on the Zope application server. The system is developed in Python and is suitable for web portals, internal and external corporate websites, document publishing systems and so on. An...

CVSS 6.5, AI score 6.4, EPSS 0.00923
Exploits: 0, References: 1