Lucene search
K

193 matches found

NVD
NVD
added 3 days ago6 views

CVE-2026-13262

The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'val' parameter in all versions up to, and including, 1.1.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...

6.5CVSS0.00352EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/04/15 10:21 a.m.37 views

CVE-2026-40778 WordPress Majestic Support plugin <= 1.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Majestic Support: from n/a through = 1.1.2...

5.3CVSS0.00163EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.7 views

PT-2026-31110

Name of the Vulnerable Software and Affected Versions The Awesome Support – WordPress HelpDesk & Support Plugin versions up to and including 6.3.7 Description The Awesome Support – WordPress HelpDesk & Support Plugin is susceptible to an Insecure Direct Object Reference issue. The wpas get ticket...

5.3CVSS5.7AI score0.00327EPSS
Exploits0References9
Patchstack
Patchstack
added 2026/01/19 12:4 p.m.6 views

WordPress GDPR CCPA Compliance Support plugin <= 2.7.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin GDPR CCPA Compliance Support versions = 2.7.4...

6.5CVSS5.4AI score0.00269EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/16 7:0 a.m.9 views

WordPress Awesome Support - WordPress HelpDesk & Support Plugin plugin <= 6.3.6 - Missing Authorization to Unauthenticated Role Demotion vulnerability

WordPress Awesome Support - WordPress HelpDesk & Support Plugin plugin = 6.3.6 - Missing Authorization to Unauthenticated Role Demotion vulnerability discovered by shark3y in WordPress Plugin Awesome Support versions = 6.3.6...

6.5CVSS7AI score0.00363EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.9 views

WordPress CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts plugin <= 4.2 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by luckybuddy in WordPress Plugin cits-support-svg-webp-media-upload versions = 4.2...

4.3CVSS7.3AI score0.00138EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/13 6:57 a.m.7 views

CVE-2025-13660

The Guest Support plugin for WordPress is vulnerable to User Email Disclosure in versions up to, and including, 1.2.3. This is due to the plugin exposing a public AJAX endpoint that allows anyone to search for and retrieve user email addresses without any authentication or capability checks. This...

5.3CVSS6.1AI score0.00299EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/12 9:30 a.m.14 views

EUVD-2025-203061

The Guest Support plugin for WordPress is vulnerable to User Email Disclosure in versions up to, and including, 1.2.3. This is due to the plugin exposing a public AJAX endpoint that allows anyone to search for and retrieve user email addresses without any authentication or capability checks. This...

5.3CVSS5.6AI score0.00299EPSS
Exploits0References5
NVD
NVD
added 2025/12/12 7:15 a.m.41 views

CVE-2025-13660

The Guest Support plugin for WordPress is vulnerable to User Email Disclosure in versions up to, and including, 1.2.3. This is due to the plugin exposing a public AJAX endpoint that allows anyone to search for and retrieve user email addresses without any authentication or capability checks. This...

5.3CVSS0.00299EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/12 6:32 a.m.76 views

CVE-2025-13660 Guest Support <= 1.2.3 - Unauthenticated User Email Disclosure in guest_support_handler AJAX Endpoint

The Guest Support plugin for WordPress is vulnerable to User Email Disclosure in versions up to, and including, 1.2.3. This is due to the plugin exposing a public AJAX endpoint that allows anyone to search for and retrieve user email addresses without any authentication or capability checks. This...

5.3CVSS0.00299EPSS
Exploits0References4
CVE
CVE
added 2025/12/12 6:32 a.m.26 views

CVE-2025-13660

CVE-2025-13660 (Guest Support, WordPress): The vulnerability is an unauthenticated User Email Disclosure in versions up to and including 1.2.3. An exposed AJAX endpoint (guest_support_handler=ajax) allows arbitrary querying of users (request=get_users) without authentication or capability checks,...

5.3CVSS5.7AI score0.00299EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-9623

Malware in sbrugna...

6.1CVSS6.2AI score0.00915EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2015-0486

Malware in sbrugna...

4.3CVSS6.4AI score0.01451EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2015-9158

Malware in sbrugna...

7.5CVSS7.6AI score0.01389EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-8073

Malicious code in bioql PyPI...

6.4CVSS9AI score0.00264EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-57772

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.0039EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-7192

Malicious code in bioql PyPI...

4.3CVSS9.2AI score0.00138EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-20386

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.00282EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-3275

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.01206EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2022-0841

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00966EPSS
Exploits0References5
Rows per page
Query Builder