Lucene search
K

7 matches found

NVD
NVD
added 2026/06/24 7:16 a.m.14 views

CVE-2026-8617

The SearchPlus plugin for WordPress is vulnerable to unauthorized modification and deletion of data in versions up to, and including, 1.7.1. This is due to a missing capability check and missing nonce validation on the searchplussavetokenactioncallback and searchplusresettokenactioncallback...

5.3CVSS0.00228EPSS
Exploits0References5
CVE
CVE
added 2026/06/24 5:33 a.m.12 views

CVE-2026-8617

The CVE concerns the WordPress SearchPlus plugin (versions up to and including 1.7.1). The vulnerability arises from a missing capability check and missing nonce validation in two AJAX callback functions, searchplus_save_token_action_callback() and searchplus_reset_token_action_callback(), which ...

5.3CVSS5.9AI score0.00228EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.33 views

CVE-2026-8617 SearchPlus <= 1.7.1 - Missing Authorization to Unauthenticated Settings Modification and Deletion via searchplus_save_token & searchplus_reset_token AJAX Actions

The SearchPlus plugin for WordPress is vulnerable to unauthorized modification and deletion of data in versions up to, and including, 1.7.1. This is due to a missing capability check and missing nonce validation on the searchplussavetokenactioncallback and searchplusresettokenactioncallback...

5.3CVSS0.00228EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:33 a.m.8 views

CVE-2026-8617

The SearchPlus plugin for WordPress is vulnerable to unauthorized modification and deletion of data in versions up to, and including, 1.7.1. This is due to a missing capability check and missing nonce validation on the searchplussavetokenactioncallback and searchplusresettokenactioncallback...

5.3CVSS5.9AI score0.00228EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/24 5:33 a.m.8 views

EUVD-2026-38674

The SearchPlus plugin for WordPress is vulnerable to unauthorized modification and deletion of data in versions up to, and including, 1.7.1. This is due to a missing capability check and missing nonce validation on the searchplussavetokenactioncallback and searchplusresettokenactioncallback...

5.3CVSS5.9AI score0.00228EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51681

Name of the Vulnerable Software and Affected Versions SearchPlus versions prior to 1.7.2 Description The SearchPlus plugin for WordPress allows unauthenticated users to modify or delete stored data. This occurs because the searchplus save token action callback and searchplus reset token action...

5.3CVSS5.9AI score0.00228EPSS
Exploits0References11
Patchstack
Patchstack
added 2026/06/23 4:38 p.m.7 views

WordPress SearchPlus plugin <= 1.7.1 - Missing Authorization to Unauthenticated Settings Modification and Deletion vulnerability

Missing Authorization to Unauthenticated Settings Modification and Deletion vulnerability discovered by Legion Hunter in WordPress Plugin SearchPlus versions = 1.7.1...

5.3CVSS5.8AI score0.00228EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder