461 matches found

Patchstack
added 2025/12/17 7:12 a.m., 7 views

WordPress WP Social Ninja plugin <= 4.0.1 - Missing Authorization to Unauthenticated Plugin's Settings Disclosure And Modification vulnerability

Missing Authorization to Unauthenticated Plugin's Settings Disclosure And Modification vulnerability discovered by shark3y in WordPress Plugin WP Social Ninja versions <= 4.0.1...

CVSS 6.5, AI score 6.7, EPSS 0.00217
Exploits 0, References 1, Affected Software 1
CVE
added 2025/12/15 2:25 p.m., 19 views

CVE-2025-13950

CVE-2025-13950 affects the OneSignal – Web Push Notifications WordPress plugin. It allows unauthenticated modification of data (App ID, REST API key, and notification behavior) via POST requests due to a missing capability check in settings handling for all versions up to 3.6.1. The issue is netw...

CVSS 5.3, AI score 5, EPSS 0.003
Exploits 0, References 2
Vulnrichment
added 2025/12/13 12:3 a.m., 3 views

CVE-2025-13970 OpenPLC_V3 Cross-Site Request Forgery

OpenPLC_V3 is vulnerable to a cross-site request forgery (CSRF) attack due to the absence of proper CSRF validation. This issue allows an unauthenticated attacker to trick a logged-in administrator into visiting a maliciously crafted link, potentially enabling unauthorized modification of PLC settin...

CVSS 8, AI score 6.5, EPSS 0.00277
Exploits 0, References 3
CNNVD
added 2025/12/13 12:0 a.m., 4 views

WordPress plugin Popover Windows security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin... A security...

CVSS 4.3, AI score 6.3, EPSS 0.00158
Exploits 0, References 3
NVD
added 2025/12/12 4:15 a.m., 21 views

CVE-2025-13866

The Flow-Flow Social Feed Stream plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flowflowsocialauth AJAX action in versions 3.0.0 to 4.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

CVSS 6.4, EPSS 0.00209
Exploits 0, References 3
Vulnrichment
added 2025/12/12 3:20 a.m., 3 views

CVE-2025-13314 Product Filtering by Categories, Tags, Price Range for WooCommerce <= 1.1.6 - Missing Authorization to Unauthenticated Plugin Settings Modification

The Product Filtering by Categories, Tags, Price Range for WooCommerce – Filter Plus plugin for WordPress is vulnerable to unauthorized modification of data in all versions up to, and including, 1.1.6 due to a missing capability check on the 'filtersavesettings' and 'addfilteroptions' AJAX action...

CVSS 5.3, AI score 5.9, EPSS 0.00239
Exploits 0, References 6
Cvelist
added 2025/12/12 3:20 a.m., 28 views

CVE-2025-13314 Product Filtering by Categories, Tags, Price Range for WooCommerce <= 1.1.6 - Missing Authorization to Unauthenticated Plugin Settings Modification

The Product Filtering by Categories, Tags, Price Range for WooCommerce – Filter Plus plugin for WordPress is vulnerable to unauthorized modification of data in all versions up to, and including, 1.1.6 due to a missing capability check on the 'filtersavesettings' and 'addfilteroptions' AJAX action...

CVSS 5.3, EPSS 0.00239
Exploits 0, References 6
Cvelist
added 2025/12/12 3:20 a.m., 30 views

CVE-2025-14170 Vimeo SimpleGallery <= 0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification

The Vimeo SimpleGallery plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 0.2. This is due to missing authorization checks on the vimeogalleryadmin function hooked to adminmenu. This makes it possible for authenticated attackers, with Subscriber-lev...

CVSS 4.3, EPSS 0.0019
Exploits 0, References 3
CNNVD
added 2025/12/12 12:0 a.m., 3 views

WordPress plugin Simple Theme Changer security vulnerability

...

CVSS 4.3, AI score 5.8, EPSS 0.00158
Exploits 0, References 2
CNNVD
added 2025/12/12 12:0 a.m., 5 views

WordPress plugin Vimeo SimpleGallery security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 5.3, AI score 6.5, EPSS 0.0019
Exploits 0, References 3
Patchstack
added 2025/12/11 11:10 p.m., 6 views

WordPress Product Filtering by Categories, Tags, Price Range for WooCommerce plugin <= 1.1.6 - Missing Authorization to Unauthenticated plugin Settings Modification vulnerability

Missing Authorization to Unauthenticated plugin Settings Modification vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Filter Plus versions <= 1.1.6...

CVSS 5.3, AI score 6.7, EPSS 0.00239
Exploits 0, References 1, Affected Software 1
Patchstack
added 2025/12/11 8:54 p.m., 6 views

WordPress Vimeo SimpleGallery plugin <= 0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification vulnerability

Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification vulnerability discovered by Legion Hunter in WordPress Plugin Vimeo SimpleGallery versions <= 0.2...

CVSS 5.3, AI score 6.7, EPSS 0.0019
Exploits 0, References 1, Affected Software 1
RedhatCVE
added 2025/12/06 5:54 a.m., 6 views

CVE-2025-13144

The ContentStudio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.7. This is due to missing or insufficient nonce validation on the addcstusettings function. This makes it possible for unauthenticated attackers to modify plugin settings v...

CVSS 4.3, AI score 5.2, EPSS 0.00133
Exploits 0, References 1
CVE
added 2025/12/06 4:37 a.m., 14 views

CVE-2025-12505

CVE-2025-12505 weDocs (WordPress) : The weDocs plugin

CVSS 5.4, AI score 5.4, EPSS 0.00191
Exploits 0, References 5
Vulnrichment
added 2025/12/05 7:26 a.m., 3 views

CVE-2025-13684 ARK Related Posts <= 2.19 - Cross-Site Request Forgery to Settings Update

The ARK Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 2.19. This is due to missing or incorrect nonce validation on the arkrpoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin's configuration settings via a...

CVSS 4.3, AI score 5.3, EPSS 0.00133
Exploits 0, References 3
NVD
added 2025/12/05 6:16 a.m., 11 views

CVE-2025-13144

The ContentStudio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.7. This is due to missing or insufficient nonce validation on the addcstusettings function. This makes it possible for unauthenticated attackers to modify plugin settings v...

CVSS 4.3, EPSS 0.00133
Exploits 0, References 4
Cvelist
added 2025/12/05 6:7 a.m., 27 views

CVE-2025-12373 Torod – The smart shipping and delivery portal for e-shops and retailers <= 1.9 - Cross-Site Request Forgery To Plugin's Settings Modification

The Torod – The smart shipping and delivery portal for e-shops and retailers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the savesettings function. This makes it possible for...

CVSS 4.3, EPSS 0.00129
Exploits 0, References 3
Vulnrichment
added 2025/12/05 6:7 a.m., 6 views

CVE-2025-12373 Torod – The smart shipping and delivery portal for e-shops and retailers <= 1.9 - Cross-Site Request Forgery To Plugin's Settings Modification

The Torod – The smart shipping and delivery portal for e-shops and retailers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the savesettings function. This makes it possible for...

CVSS 4.3, AI score 4.8, EPSS 0.00129
Exploits 0, References 2
Vulnrichment
added 2025/12/05 5:31 a.m., 4 views

CVE-2025-13144 ContentStudio <= 1.3.7 - Cross-Site Request Forgery to Settings Update

The ContentStudio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.7. This is due to missing or insufficient nonce validation on the addcstusettings function. This makes it possible for unauthenticated attackers to modify plugin settings v...

CVSS 4.3, AI score 4.9, EPSS 0.00133
Exploits 0, References 3
CNVD
added 2025/11/20 12:0 a.m., 3 views

WordPress Download Panel plugin unauthorized settings modification vulnerability

WordPress Download Panel plugin is a tool for managing, tracking and controlling WordPress website file downloads, supports custom post types, drag-and-drop uploads, access control, etc. It allows you to set download speed, password protection and IP blocking, and provides rich download templates...

CVSS 4.3, AI score 6.9, EPSS 0.00197
Exploits 0, References 1