Lucene search
K

57 matches found

Nuclei
Nuclei
added yesterday25 views

Simple User Registration <= 6.3 - Unauthenticated Privilege Escalation

The Simple User Registration plugin ≤ 6.3 is vulnerable to privilege escalation. It lacks proper restrictions on user meta values during registration. Unauthenticated attackers can exploit this to register as administrators. id: CVE-2025-4334 info: name: Simple User Registration = 6.3 -...

9.8CVSS5.9AI score0.02055EPSS
Exploits5References1
CVE
CVE
added yesterday13 views

CVE-2026-14482

The CVE-2026-14482 entry covers the WordPress plugin “多说社会化评论框” (

8.8CVSS6AI score0.00318EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/01 7:53 a.m.35 views

CVE-2026-11387 SMS Alert <= 3.9.5 - Unauthenticated Privilege Escalation via Arbitrary Password Reset

The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.9.5. This is due to the plugin not properly validating a user's identity prior to updati...

9.8CVSS0.0038EPSS
Exploits1References8
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-56033

Unauthenticated Privilege Escalation in Dokan Pro = 5.0.4 versions...

9.8CVSS0.00331EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.12 views

CVE-2026-56028

CVE-2026-56028 describes an unauthenticated privilege-escalation vulnerability in the WordPress plugin Easy Elements for Elementor – Addons & Website Templates (versions

9.8CVSS5.8AI score0.0036EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52744

Name of the Vulnerable Software and Affected Versions Easy Elements for Elementor – Addons & Website Templates versions prior to 1.5.0 Description An unauthenticated privilege escalation issue exists, allowing an attacker to gain higher-level permissions without providing valid credentials...

9.8CVSS5.8AI score0.0036EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/15 8:19 p.m.8 views

CVE-2026-49063 WordPress Listdom plugin <= 5.5.0 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in Listdom = 5.5.0 versions...

7.3CVSS5.2AI score0.00213EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 5:57 p.m.38 views

CVE-2026-53408

The CVE-2026-53408 vulnerability affects Zoom Workplace: Android before 7.0.4 and iOS before 7.0.3. It is due to Improper Authorization in the Handler for a Custom URL Scheme, enabling an unauthenticated privilege escalation via network access. The CVSSv3.1 base score is 8.1 (High) with Network a...

8.1CVSS5.3AI score0.00211EPSS
Exploits0References1Affected Software2
EUVD
EUVD
added 2026/06/12 5:56 p.m.12 views

EUVD-2026-36522

Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access...

8.1CVSS5.3AI score0.00231EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/30 12:28 a.m.265 views

Exploit for CVE-2026-8732

CVE-2026-8732 — WP Maps Pro ≤ 6.1.0 ♡ Unauthenticated Privil...

9.8CVSS5.8AI score0.09461EPSS
Exploits7
Patchstack
Patchstack
added 2026/05/28 7:15 a.m.12 views

WordPress Frontend Admin by DynamiApps plugin <= 3.29.2 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by daroo in WordPress Plugin Frontend Admin by DynamiApps versions = 3.29.2...

8.8CVSS5.8AI score0.00433EPSS
Exploits0References1Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in edk2

Improper configuration in the system firmware for EDK II may allow unauthenticated users to potentially enable privilege escalation, information disclosure, and/or denial of service through local access...

7.8CVSS7.4AI score0.00416EPSS
Exploits0References2
OSV
OSV
added 2026/05/05 7:16 p.m.9 views

PYSEC-2026-119

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to query the API as any existing user, including the default admi...

9.8CVSS5.7AI score0.0048EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.9 views

Nginx UI 访问控制错误漏洞

Nginx UI is a web interface for Nginx developed by Jacky. Version 2.3.5 of Nginx UI contains an access control vulnerability, which stems from unauthenticated privilege escalation during the initial installation process via the POST /api/install endpoint...

9.8CVSS5.8AI score0.00339EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2026/04/20 1:51 a.m.114 views

Exploit for CVE-2025-2563

CVE-2025-2563 — User Registration & Membership | Full-Chain Ad...

8.1CVSS7.5AI score0.44565EPSS
Exploits7
GithubExploit
GithubExploit
added 2026/04/18 7:43 p.m.168 views

Exploit for CVE-2026-0920

CVE-2026-0920- LA-Studio Element Kit for Elementor = 1.5.6...

9.8CVSS6AI score0.01078EPSS
Exploits5
Cvelist
Cvelist
added 2026/04/15 11:25 p.m.38 views

CVE-2026-4880 Barcode Scanner (+Mobile App) <= 1.11.0 - Unauthenticated Privilege Escalation via Insecure Token Authentication

The Barcode Scanner +Mobile App – Inventory manager, Order fulfillment system, POS Point of Sale plugin for WordPress is vulnerable to privilege escalation via insecure token-based authentication in all versions up to, and including, 1.11.0. This is due to the plugin trusting a user-supplied...

9.8CVSS0.00503EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/31 10:58 p.m.7 views

CVE-2026-5130

The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege Escalation in versions up to and including 1.3.2. This was due to the plugin accepting the wpdebugtroubleshootsimulateuser cookie value directly as a user ID without any cryptographic validation or...

8.8CVSS5.8AI score0.00422EPSS
Exploits0References1
NVD
NVD
added 2026/03/30 11:17 p.m.6 views

CVE-2026-5130

The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege Escalation in versions up to and including 1.3.2. This was due to the plugin accepting the wpdebugtroubleshootsimulateuser cookie value directly as a user ID without any cryptographic validation or...

8.8CVSS0.00422EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/30 10:24 p.m.8 views

CVE-2026-5130

The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege Escalation in versions up to and including 1.3.2. This was due to the plugin accepting the wpdebugtroubleshootsimulateuser cookie value directly as a user ID without any cryptographic validation or...

8.8CVSS5.8AI score0.00422EPSS
Exploits0References5
Rows per page
Query Builder