Lucene search
K

90 matches found

CVE
CVE
added 2 days ago7 views

CVE-2026-12385

CVE-2026-12385 affects the Smart Slider 3 WordPress plugin up to version 3.5.1.37. The issue is a Sensitive Information Exposure via the keyword parameter, enabling authenticated attackers with contributor-level access and above to extract titles and full content excerpts from private, draft, pen...

4.3CVSS6.1AI score0.00242EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/01 7:53 a.m.9 views

EUVD-2026-40937

The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all versions up to, and including, 4.9.8 via the /wp-json/slim-seo/meta-tags/ai REST API endpoint. This is due to the endpoint's permissioncallback performin...

4.3CVSS5.9AI score0.00257EPSS
Exploits0References8
NVD
NVD
added 2026/06/19 6:17 a.m.13 views

CVE-2026-9013

The Bogo plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.1 via the bogorestcreateposttranslation. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the raw title, content, excerpt,...

4.3CVSS0.00254EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:31 a.m.7 views

CVE-2026-9013

The Bogo plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.1 via the bogorestcreateposttranslation. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the raw title, content, excerpt,...

4.3CVSS5.8AI score0.00254EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.9 views

CVE-2026-1881

The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the getsponsoredmeta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS5.4AI score0.00219EPSS
Exploits0References1
NVD
NVD
added 2026/05/21 2:16 a.m.20 views

CVE-2026-1881

The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the getsponsoredmeta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS0.00219EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/21 1:26 a.m.9 views

CVE-2026-1881 Broadstreet <= 1.52.2 - Authenticated (Subscriber+) Private Post Meta Disclosure via get_sponsored_meta

The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the getsponsoredmeta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS5.8AI score0.00219EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/21 1:26 a.m.13 views

EUVD-2026-31206

The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the getsponsoredmeta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS5.8AI score0.00219EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/21 1:26 a.m.49 views

CVE-2026-1881 Broadstreet <= 1.52.2 - Authenticated (Subscriber+) Private Post Meta Disclosure via get_sponsored_meta

The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the getsponsoredmeta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS0.00219EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/20 1:15 p.m.11 views

WordPress Broadstreet plugin <= 1.52.2 - Authenticated (Subscriber+) Private Post Meta Disclosure vulnerability

Authenticated Subscriber+ Private Post Meta Disclosure vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Broadstreet Ads versions = 1.52.2...

4.3CVSS5.8AI score0.00219EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/11 2:16 a.m.8 views

CVE-2026-3358

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized private course enrollment in all versions up to, and including, 3.9.7. This is due to missing poststatus validation in the enrollnow and courseenrollment functions. Both enrollment endpoints...

5.4CVSS0.00374EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/02/17 11:45 p.m.8 views

WordPress Context Blog theme <= 1.2.5 - Unauthenticated Private Post Disclosure vulnerability

Unauthenticated Private Post Disclosure vulnerability discovered by jsonc in WordPress Theme Context Blog versions = 1.2.5...

5.3CVSS5.5AI score0.00336EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/01 9:18 a.m.20 views

CVE-2025-15525

The Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parsecustomargs function in all versions up to, and including, 7.8.1. This makes it possible for unauthenticated attackers to expose...

5.3CVSS5.9AI score0.00264EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/30 10:49 p.m.9 views

WordPress Ajax Load More - Infinite Scroll, Lazy Load & Load More plugin <= 7.8.1 - Incorrect Authorization to Unauthenticated Private/Draft Post Title and Excerpt Exposure vulnerability

WordPress Ajax Load More - Infinite Scroll, Lazy Load & Load More plugin = 7.8.1 - Incorrect Authorization to Unauthenticated Private/Draft Post Title and Excerpt Exposure vulnerability discovered by shark3y in WordPress Plugin Ajax Load More versions = 7.8.1...

5.3CVSS5.9AI score0.00264EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/07 9:16 a.m.5 views

CVE-2025-13812

The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the gamipressajaxgetposts and gamipressajaxgetusers functions in all versions up to, and including...

4.3CVSS5AI score0.00172EPSS
Exploits0References1
NVD
NVD
added 2026/01/06 8:15 a.m.7 views

CVE-2025-13812

The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the gamipressajaxgetposts and gamipressajaxgetusers functions in all versions up to, and including...

4.3CVSS0.00172EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/06 7:22 a.m.4 views

CVE-2025-13812 GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress <= 7.6.1 - Missing Authorization to Authenticated (Subscriber+) Information Exposure

The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the gamipressajaxgetposts and gamipressajaxgetusers functions in all versions up to, and including...

4.3CVSS4.7AI score0.00172EPSS
Exploits0References2
CVE
CVE
added 2026/01/06 7:22 a.m.15 views

CVE-2025-13812

CVE-2025-13812 concerns the GamiPress – Gamification plugin for WordPress. The Wordfence doc confirms a missing capability check in the functions gamipress_ajax_get_posts and gamipress_ajax_get_users, allowing authenticated users with Subscriber+ level to enumerate users (including emails) and to...

4.3CVSS4.7AI score0.00172EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/06 7:22 a.m.28 views

CVE-2025-13812 GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress <= 7.6.1 - Missing Authorization to Authenticated (Subscriber+) Information Exposure

The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the gamipressajaxgetposts and gamipressajaxgetusers functions in all versions up to, and including...

4.3CVSS0.00172EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/15 11:9 p.m.1 views

CVE-2025-66402 misskey.js's export data contains private post data

Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can can export the posts and view the contents. Version 2025.12.0 fixes the issue...

7.1CVSS6.4AI score0.00274EPSS
Exploits1References2
Rows per page
Query Builder