Lucene search
+L

8772 matches found

EUVD
EUVD
added 2026/07/10 3:31 a.m.6 views

EUVD-2026-42787

The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possibl...

5.4CVSS5.9AI score0.00251EPSS
Exploits0References10
CVE
CVE
added 2026/07/10 3:31 a.m.11 views

CVE-2026-11818

The CVE concerns the WPCafe WordPress plugin (up to version 3.0.14) where an authorization bypass exists in REST API endpoints. Authenticated users with subscriber-level access and above can perform admin-only actions (list, create, update, delete, clone, bulk-delete) on notification flow workflo...

5.4CVSS5.9AI score0.00251EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/07/10 3:31 a.m.33 views

CVE-2026-11818 WPCafe <= 3.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via REST API

The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possibl...

5.4CVSS0.00251EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/07/10 3:31 a.m.7 views

CVE-2026-11818

The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possibl...

5.4CVSS5.9AI score0.00251EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/07/10 2:30 a.m.33 views

CVE-2026-5069 Fluent Forms <= 6.2.1 - Incorrect Authorization to Authenticated (Subscriber+) Arbitrary Subscription Cancellation via 'subscription_id'

The Fluent Forms plugin for WordPress is vulnerable to incorrect authorization via the 'subscriptionid' parameter in versions up to, and including, 6.2.1. This is due to insufficient ownership authorization checks in the payment cancellation AJAX flow. This makes it possible for authenticated...

5.4CVSS0.00176EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/09 9:13 p.m.50 views

CVE-2026-57031

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on MX Series allows adjacent subscribers to bypass configured firewall filters. On MX Series devices with MPC10/11, LC4800/9600, and MX304 with subscribers...

5.3CVSS6AI score0.00238EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/07/09 7:58 p.m.6 views

WordPress Import and export users and customers plugin <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Information Exposure vulnerability discovered by Tiago Ventura perses in WordPress Plugin Import and export users and customers versions = 2.4.0...

4.3CVSS6.1AI score0.00223EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/07/09 7:33 p.m.5 views

WordPress GW AI Website Builder plugin <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Settings Deletion vulnerability discovered by Legion Hunter in WordPress Plugin GW AI Website Builder versions = 1.0.1...

4.3CVSS6.1AI score0.00222EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/07/09 7:2 p.m.1 views

SUSE-SU-2026:2832-1 Security update for rustup

This update for rustup fixes the following issues Security issues: - CVE-2024-12224: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded bsc1243862. - CVE-2025-58160: tracing-subscriber: Tracing log pollution bsc1249008. - CVE-2026-41676: openssl: Deriver:derive and...

9.8CVSS7.1AI score0.00359EPSS
Exploits1References23
OSV
OSV
added 2026/07/09 6:33 p.m.4 views

CVE-2026-13492 UsersWP <= 1.2.65 - Authenticated (Subscriber+) Arbitrary File Deletion via File Upload Field

The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 1.2.65. This is due to insufficient validation of file-field values in the UsersWPValidation::validatefields function which falls through to sanitizetextfield for fields of type 'file',...

8.8CVSS6.2AI score0.00525EPSS
Exploits0References10
CVE
CVE
added 2026/07/09 6:33 p.m.10 views

CVE-2026-13492

The CVE-2026-13492 entry concerns the WordPress UsersWP plugin (affected versions up to and including 1.2.65). The vulnerability arises from insufficient validation of file-field values in UsersWP_Validation::validate_fields(), which falls through to sanitize_text_field() for fields of type 'file...

8.8CVSS6AI score0.00525EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/07/09 2:47 p.m.6 views

WordPress WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin <= 3.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Modification vulnerability discovered by Sushi Com Abacate in WordPress Plugin WPCafe versions = 3.0.14...

5.4CVSS5.9AI score0.00251EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/07/09 1:51 p.m.6 views

WordPress Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin <= 6.2.1 - Incorrect Authorization to Authenticated (Subscriber+) Arbitrary Subscription Cancellation vulnerability

Incorrect Authorization to Authenticated Subscriber+ Arbitrary Subscription Cancellation vulnerability discovered by Fernando Mecozzi in WordPress Plugin FluentForm versions = 6.2.1...

5.4CVSS5.9AI score0.00176EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/09 11:16 a.m.6 views

CVE-2026-9235

The DHL eCommerce Benelux for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check and missing nonce verification on the createlabel and deletelabel functions in versions up to, and including, 2.2.3. These functions are wir...

4.3CVSS0.00196EPSS
Exploits0References5
NVD
NVD
added 2026/07/09 11:16 a.m.9 views

CVE-2026-9237

The Employee, Leave and Recruitment Management System – Crew HRM plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00227EPSS
Exploits0References7
NVD
NVD
added 2026/07/09 11:16 a.m.8 views

CVE-2026-9240

The Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateShippingMethod function registered to the wpajaxlpcorderaffect AJAX action in versions up to, and including, 2.9.0...

4.3CVSS0.00196EPSS
Exploits0References5
NVD
NVD
added 2026/07/09 11:16 a.m.8 views

CVE-2026-4298

The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is due to the dsgvoresetpolicyservicefunc function lacking both capability checks and nonce verification while processing user-supplied parameters to reset plugin...

4.3CVSS0.00204EPSS
Exploits0References6
NVD
NVD
added 2026/07/09 11:16 a.m.8 views

CVE-2026-14372

The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteFiles function in all versions up to, and including, 3.1.1 This makes it possible for...

7.1CVSS0.00691EPSS
Exploits0References13
CVE
CVE
added 2026/07/09 9:31 a.m.10 views

CVE-2026-9235

The DHL eCommerce (Benelux) for WooCommerce WordPress plugin (up to version 2.2.3) is vulnerable to unauthorized modification and data loss due to missing capability checks and missing nonce verification in create_label() and delete_label(). These functions are tied to wp_ajax_dhlpwc_label_create...

4.3CVSS5.9AI score0.00196EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/09 9:31 a.m.7 views

EUVD-2026-42565

The DHL eCommerce Benelux for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check and missing nonce verification on the createlabel and deletelabel functions in versions up to, and including, 2.2.3. These functions are wir...

4.3CVSS5.9AI score0.00196EPSS
Exploits0References5
Rows per page
Query Builder