Lucene search
+L

5 matches found

Cvelist
Cvelist
added 2026/07/09 6:0 a.m.35 views

CVE-2026-12270 Everest Forms < 3.5.0 - Unauthenticated Missing Authorization via Site Assistant REST Endpoints

The Everest Forms WordPress plugin before 3.5.0 does not correctly restrict access to several REST API endpoints belonging to its onboarding assistant: the capability check is only applied when an attacker-controllable request header holds a specific value, so it can be bypassed by omitting or...

0.00179EPSS
Exploits0References1
CVE
CVE
added 2026/07/09 6:0 a.m.9 views

CVE-2026-12270

The CVE concerns Everest Forms for WordPress prior to version 3.5.0. The vulnerability arises because access controls on several onboarding-assistant REST API endpoints are bypassable: the capability check only runs when a specific attacker‑controlled request header has a value, allowing unauthen...

6.5CVSS5.9AI score0.00179EPSS
Exploits0References1
NVD
NVD
added 2026/05/15 9:16 a.m.37 views

CVE-2026-7563

The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 5.3.10. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...

4.3CVSS0.00265EPSS
Exploits0References14
Vulnrichment
Vulnrichment
added 2026/05/15 8:27 a.m.7 views

CVE-2026-7563 Classified Listing <= 5.3.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via add_order_note and send_email_to_user_by_moderator AJAX Actions

The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 5.3.10. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...

4.3CVSS5.9AI score0.00265EPSS
Exploits0References14
CVE
CVE
added 2026/05/15 8:27 a.m.18 views

CVE-2026-7563

The CVE-2026-7563 entry concerns the WordPress plugin Classified Listing – AI-Powered Classified ads & Business Directory (versions up to and including 5.3.10). The vulnerability arises from missing authorization verification, enabling authenticated users with subscriber-level access or higher to...

4.3CVSS5.9AI score0.00265EPSS
Exploits0References14
Rows per page
Query Builder