
8450 matches found

NVD | added 7 hours ago | 4 views

CVE-2026-9676

The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the parent and menu order of arbitrary posts...

Exploits: 0 | References: 1

CVE | added 8 hours ago | 7 views

CVE-2026-9676

CVE-2026-9676 affects the F4 Post Tree WordPress plugin prior to version 2.0.5. An AJAX action lacks capability checks and CSRF/nonce verification, allowing authenticated users with Subscriber-level access or higher to modify the parent and menu order of arbitrary posts. Root cause: missing a...

AI score: 5.9
Exploits: 0 | References: 1

EUVD | added 8 hours ago | 4 views

EUVD-2026-40040

The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the parent and menu order of arbitrary posts...

AI score: 5.9
Exploits: 0 | References: 1

Nuclei | added 8 hours ago | 13 views

WordPress CBX Bookmark & Favorite Plugin <= 2.0.4 - SQL Injection

CBX Bookmark & Favorite WordPress plugin <= 2.0.4 contains a SQL injection caused by insufficient escaping of the 'orderby' parameter, letting authenticated attackers with Subscriber-level access extract sensitive database information id: CVE-2025-13652 info: name: WordPress CBX Bookmark & Favorit...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.01077
Exploits: 0 | References: 3

EUVD | added yesterday | 8 views

EUVD-2026-39968

The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File Deletion in versions up to and including 23.6. This is due to a case-sensitive bypass of the wpfmdirpath parameter sanitization in the wpfmfilemetaupdate AJAX handler, where supplying WPFMDIRPATH i...

CVSS: 8.1 | AI score: 5.8 | EPSS: 0.00417
Exploits: 0 | References: 4

NVD | added 2 days ago | 6 views

CVE-2026-3462

The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'upload_csv' and 'process_batch' functions in all versions up to, and including, 1.8.9. This makes it possible for authenticated attackers, with Subscriber-level access an...

CVSS: 6.5 | EPSS: 0.00276
Exploits: 1 | References: 5

EUVD | added 2 days ago | 6 views

EUVD-2026-39958

The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'upload_csv' and 'process_batch' functions in all versions up to, and including, 1.8.9. This makes it possible for authenticated attackers, with Subscriber-level access an...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00276
Exploits: 1 | References: 5

CVE | added 2 days ago | 17 views

CVE-2026-3462

CVE-2026-3462 affects the Frisbii Pay plugin for WordPress (all versions up to 1.8.9). The vulnerability arises from missing capability checks on upload_csv and process_batch, enabling authenticated attackers with Subscriber-level access or higher to modify data by uploading arbitrary CSVs and ov...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00276
Exploits: 1 | References: 5

Cvelist | added 2 days ago | 35 views

CVE-2026-3462 Frisbii Pay <= 1.8.9 - Missing Authorization to Authenticated (Subscriber+) Payment Token Modification

The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'upload_csv' and 'process_batch' functions in all versions up to, and including, 1.8.9. This makes it possible for authenticated attackers, with Subscriber-level access an...

CVSS: 6.5 | EPSS: 0.00276
Exploits: 1 | References: 5

CVE | added 2 days ago | 8 views

CVE-2026-12471

The CVE concerns the Spexo WordPress theme. A missing capability check in the activate_plugin function affects all versions up to and including 2.0.11, allowing authenticated attackers with Subscriber-level access and above to activate a limited set of plugins. The information from connected docu...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00196
Exploits: 0 | References: 4

EUVD | added 2 days ago | 7 views

EUVD-2026-39954

The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activate_plugin function in all versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate a limited set o...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00196
Exploits: 0 | References: 4

EUVD | added 2 days ago | 7 views

EUVD-2026-39951

The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versions up to and including 0.8.9. This is due to a missing capability check and missing nonce verification in the invoke methods of the...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.00213
Exploits: 0 | References: 8

CVE | added 2 days ago | 10 views

CVE-2026-11364

CVE-2026-11364 affects the Product Specifications for WooCommerce plugin for WordPress up to version 0.8.9. The root cause is missing capability checks and absent nonce verification in the __invoke() methods of AttributeGroupController and AttributeController, tied to AJAX actions dwps_modify_gro...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.00213
Exploits: 0 | References: 8

EUVD | added 2 days ago | 7 views

EUVD-2026-39948

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.4 via the 'id' parameter due to missing validation on a user controlled key. This...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.00271
Exploits: 0 | References: 14

NVD | added 3 days ago | 7 views

CVE-2026-57661

Subscriber Broken Access Control in WPComplete = 2.9.5.5 versions...

CVSS: 5.4 | EPSS: 0.00223
Exploits: 0 | References: 1

NVD | added 3 days ago | 7 views

CVE-2026-57646

Subscriber Insecure Direct Object References IDOR in Majestic Support = 1.1.7 versions...

CVSS: 5.4 | EPSS: 0.00181
Exploits: 0 | References: 1

NVD | added 3 days ago | 6 views

CVE-2026-57649

Subscriber Broken Access Control in Shoppable Images Lite = 1.3 versions...

CVSS: 4.3 | EPSS: 0.00213
Exploits: 0 | References: 1

NVD | added 3 days ago | 6 views

CVE-2026-57640

Subscriber Broken Access Control in MasterStudy LMS = 3.7.30 versions...

CVSS: 4.3 | EPSS: 0.00243
Exploits: 0 | References: 1

NVD | added 3 days ago | 6 views

CVE-2026-57632

Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend = 1.19.0 versions...

CVSS: 5.4 | EPSS: 0.00275
Exploits: 0 | References: 1

NVD | added 3 days ago | 5 views

CVE-2026-57622

Subscriber Broken Access Control in WPCafe = 3.0.14 versions...

CVSS: 4.3 | EPSS: 0.00259
Exploits: 0 | References: 1