Lucene search
K

4 matches found

nuclei
nuclei
added 2026/02/04 7:0 a.m.78 views

The Events Calendar <= 6.15.2 - Information Disclosure

The Events Calendar WordPress plugin = 6.15.2 contains an information disclosure vulnerability caused by REST endpoint exposure, letting unauthenticated attackers extract data about password-protected vendors or venues, exploit requires no authentication. id: CVE-2025-9808 info: name: The Events...

5.3CVSS6.2AI score0.00771EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/01/20 4:35 a.m.4 views

CVE-2025-14977

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.2.4 via the /wp-json/dokan/v1/settings REST API endpoint due to missing validation on a...

8.1CVSS5.4AI score0.00265EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2025/12/12 12:0 a.m.8 views

PT-2025-50919

Name of the Vulnerable Software and Affected Versions Bookit WordPress plugin versions prior to 2.5.1 Description The Bookit WordPress plugin contains a publicly accessible REST endpoint that allows unauthenticated modification of the plugin's Stripe payment settings. This allows attackers to alt...

5.3CVSS5.4AI score0.00654EPSS
Exploits0References5
osv
osv
added 2025/03/19 5:36 p.m.20 views

CVE-2025-29925 XWiki allows unregistered users to access private pages information through REST endpoint

XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, protected pages are listed when requesting the REST endpoints /rest/wikis/wikiName/pages even if the user doesn't have view rights on them. It's particularly true if the entire wiki is protected with "Prevent...

8.7CVSS6.5AI score0.00906EPSS
Exploits1References7
Rows per page
Query Builder