Lucene search
K

20 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-13394

Malicious code in bioql PyPI...

8.8CVSS7AI score0.00512EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-12131

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.00241EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/08 2:25 a.m.19 views

CVE-2025-3609

The Reales WP STPT plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 2.1.2. This is due to the 'realesusersignupform' AJAX action not verifying if user registration is enabled, prior to registering a user. This makes it possible for...

5.3CVSS6.4AI score0.0024EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/08 2:25 a.m.21 views

CVE-2025-3610

The Reales WP STPT plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.1.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it possible for authenticat...

8.8CVSS8.1AI score0.00512EPSS
Exploits0References1
NVD
NVD
added 2025/05/06 3:15 a.m.14 views

CVE-2025-3609

The Reales WP STPT plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 2.1.2. This is due to the 'realesusersignupform' AJAX action not verifying if user registration is enabled, prior to registering a user. This makes it possible for...

5.3CVSS0.0024EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/06 1:42 a.m.10 views

CVE-2025-3609 Reales WP STPT <= 2.1.2 - Unauthorized User Registration

The Reales WP STPT plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 2.1.2. This is due to the 'realesusersignupform' AJAX action not verifying if user registration is enabled, prior to registering a user. This makes it possible for...

5.3CVSS8.5AI score0.0024EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/06 1:42 a.m.19 views

CVE-2025-3609 Reales WP STPT <= 2.1.2 - Unauthorized User Registration

The Reales WP STPT plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 2.1.2. This is due to the 'realesusersignupform' AJAX action not verifying if user registration is enabled, prior to registering a user. This makes it possible for...

5.3CVSS0.0024EPSS
Exploits0References2
CVE
CVE
added 2025/05/06 1:42 a.m.65 views

CVE-2025-3609

CVE-2025-3609: Reales WP STPT for WordPress allows unauthenticated user registration via the reales_user_signup_form AJAX action in all versions up to 2.1.2, due to a missing check on whether user registration is enabled. Root cause is the action not verifying the registration state before creati...

5.3CVSS6.7AI score0.0024EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/06 1:42 a.m.9 views

CVE-2025-3610 Reales WP STPT <= 2.1.2 - Authenticated (Subscriber+) Privilege Escalation via Password Update

The Reales WP STPT plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.1.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it possible for authenticat...

8.8CVSS6.2AI score0.00512EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/06 1:42 a.m.23 views

CVE-2025-3610 Reales WP STPT <= 2.1.2 - Authenticated (Subscriber+) Privilege Escalation via Password Update

The Reales WP STPT plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.1.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it possible for authenticat...

8.8CVSS0.00512EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/05/06 12:0 a.m.3 views

PT-2025-19823 · WordPress · Reales Wp Stpt

Name of the Vulnerable Software and Affected Versions: Reales WP STPT plugin for WordPress versions up to and including 2.1.2 Description: The issue allows unauthorized user registration due to the 'reales user signup form' AJAX action not checking if user registration is enabled before registeri...

5.3CVSS6.2AI score0.0024EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/05/06 12:0 a.m.3 views

WordPress plugin Reales WP STPT 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

5.3CVSS6.3AI score0.0024EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/05/05 8:53 p.m.12 views

WordPress Reales WP STPT plugin <= 2.1.2 - Unauthorized User Registration vulnerability

Unauthorized User Registration vulnerability discovered by Foxyyy in WordPress Plugin Reales WP STPT versions = 2.1.2...

5.3CVSS8.3AI score0.0024EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/04/24 9:15 a.m.11 views

CVE-2024-13307

The Reales WP - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'realesdeletefile', 'realesdeletefileplans', 'realesaddtofavourites', and 'realesremovefromfavourites' functions in all versions up...

5.3CVSS0.00241EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/24 8:23 a.m.6 views

CVE-2024-13307 Reales WP - Real Estate WordPress Theme <= 2.1.2 - Missing Authorization to Unauthenticated Attachment Deletion and Favorite Property Updates

The Reales WP - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'realesdeletefile', 'realesdeletefileplans', 'realesaddtofavourites', and 'realesremovefromfavourites' functions in all versions up...

5.3CVSS6.9AI score0.00241EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/24 8:23 a.m.16 views

CVE-2024-13307 Reales WP - Real Estate WordPress Theme <= 2.1.2 - Missing Authorization to Unauthenticated Attachment Deletion and Favorite Property Updates

The Reales WP - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'realesdeletefile', 'realesdeletefileplans', 'realesaddtofavourites', and 'realesremovefromfavourites' functions in all versions up...

5.3CVSS0.00241EPSS
Exploits0References2
CVE
CVE
added 2025/04/24 8:23 a.m.79 views

CVE-2024-13307

CVE-2024-13307 concerns the Reales WP Real Estate WordPress Theme (versions

5.3CVSS5.2AI score0.00241EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/24 12:0 a.m.5 views

PT-2025-17707 · WordPress · The Reales Wp

Name of the Vulnerable Software and Affected Versions: The Reales WP - Real Estate WordPress Theme versions up to, and including, 2.1.2 Description: The issue allows unauthorized modification and loss of data due to a missing capability check on the reales delete file, reales delete file plans,...

5.3CVSS6.3AI score0.00241EPSS
Exploits0References8
Patchstack
Patchstack
added 2025/04/23 8:47 p.m.3 views

WordPress Reales WP theme <= 2.1.2 - Missing Authorization to Unauthenticated Attachment Deletion and Favorite Property Updates vulnerability

Missing Authorization to Unauthenticated Attachment Deletion and Favorite Property Updates vulnerability discovered by Lucio Sá in WordPress Theme Reales WP versions = 2.1.2...

5.3CVSS7AI score0.00241EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/04/23 12:0 a.m.5 views

WordPress Reales WP Theme <= 2.1.2 is vulnerable to Broken Access Control

Software Reales WP Type Theme Vulnerable versions = 2.1.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-13307 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 235c47c33cda Credits Lucio Sá Required privilege...

5.3CVSS6.5AI score0.00241EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder