8 matches found

GithubExploit
added 2026/04/18 9:39 a.m., 69 views

Exploit for CVE-2025-14364

CVE-2025-14364 Demo Importer Plus <= 2.0.8 - Missing Author...

CVSS 8.8, AI score 5.9, EPSS 0.00064
Exploits: 1

Wordfence Blog
added 2026/01/07 5:25 p.m., 8 views

10,000 WordPress Sites Protected Against Site Reset and Privilege Escalation Vulnerability in Demo Importer Plus WordPress Plugin

On November 27th, 2025, we received a submission for a Site Reset and Privilege Escalation vulnerability in Demo Importer Plus, a WordPress plugin with more than 10,000 active installations. This vulnerability can be leveraged to trigger a full site reset and assign the administrator role to the...

CVSS 8.8, AI score 6, EPSS 0.00064
Exploits: 1

RedhatCVE
added 2025/12/19 9:34 a.m., 6 views

CVE-2025-14364

The Demo Importer Plus plugin for WordPress is vulnerable to unauthorized modification of data, loss of data, and privilege escalation due to a missing capability check on the Ajax::handlerequest function in all versions up to, and including, 2.0.8. This makes it possible for authenticated...

CVSS 8.8, AI score 5.3, EPSS 0.00064
Exploits: 1, References: 1

NVD
added 2025/12/18 10:16 a.m., 3 views

CVE-2025-14364

The Demo Importer Plus plugin for WordPress is vulnerable to unauthorized modification of data, loss of data, and privilege escalation due to a missing capability check on the Ajax::handlerequest function in all versions up to, and including, 2.0.8. This makes it possible for authenticated...

CVSS 8.8, EPSS 0.00064
Exploits: 1, References: 2

Cvelist
added 2025/12/18 9:21 a.m., 23 views

CVE-2025-14364 Demo Importer Plus <= 2.0.8 - Missing Authorization to Authenticated (Subscriber+) Site Reset and Privilege Escalation

The Demo Importer Plus plugin for WordPress is vulnerable to unauthorized modification of data, loss of data, and privilege escalation due to a missing capability check on the Ajax::handlerequest function in all versions up to, and including, 2.0.8. This makes it possible for authenticated...

CVSS 8.8, EPSS 0.00064
Exploits: 1, References: 2

CVE
added 2025/12/18 9:21 a.m., 17 views

CVE-2025-14364

CVE-2025-14364 affects the WordPress Demo Importer Plus plugin (versions

CVSS 8.8, AI score 5, EPSS 0.00064
Exploits: 1, References: 2

Vulnrichment
added 2025/12/18 9:21 a.m., 3 views

CVE-2025-14364 Demo Importer Plus <= 2.0.8 - Missing Authorization to Authenticated (Subscriber+) Site Reset and Privilege Escalation

The Demo Importer Plus plugin for WordPress is vulnerable to unauthorized modification of data, loss of data, and privilege escalation due to a missing capability check on the Ajax::handlerequest function in all versions up to, and including, 2.0.8. This makes it possible for authenticated...

CVSS 8.8, AI score 5, EPSS 0.00064
Exploits: 1, References: 2

Patchstack
added 2025/12/18 7:23 a.m., 5 views

WordPress Demo Importer Plus plugin <= 2.0.8 - Missing Authorization to Authenticated (Subscriber+) Site Reset and Privilege Escalation vulnerability

Missing Authorization to Authenticated Subscriber+ Site Reset and Privilege Escalation vulnerability discovered by shark3y in WordPress Plugin Demo Importer Plus versions <= 2.0.8...

CVSS 8.8, AI score 6.6, EPSS 0.00064
Exploits: 1, References: 1, Affected Software: 1