Lucene search
+L

49 matches found

CNNVD
CNNVD
added 2026/01/09 12:0 a.m.5 views

WordPress plugin Contact Form vCard Generator 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.3CVSS6.4AI score0.00321EPSS
Exploits0References5
WPVulnDB
WPVulnDB
added 2026/01/08 12:0 a.m.11 views

Notification Bar for WordPress <= 1.1.8 – Unauthenticated Subscriber Data Disclosure

Description The plugin exposes an unauthenticated CSV export script that discloses all stored subscriber emails. PoC https://example.com/wp-content/plugins/8-degree-notification-bar/inc/backend/blocks/export-csv.php...

5.4AI score
Exploits1
Cvelist
Cvelist
added 2026/01/07 8:21 a.m.30 views

CVE-2025-13493 Latest Registered Users <= 1.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via User Data Export

The Latest Registered Users plugin for WordPress is vulnerable to unauthorized user data export in all versions up to, and including, 1.4. This is due to missing authorization and nonce validation in the rndhandleformsubmit function hooked to both adminpostmysimpleform and...

7.5CVSS0.00283EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.8 views

WordPress Course Booking System plugin <= 6.1.5 - Missing Authorization to Unauthenticated Booking Data Export vulnerability

Missing Authorization to Unauthenticated Booking Data Export vulnerability discovered by Powpy in WordPress Plugin Course Booking System versions = 6.1.5...

5.3CVSS5.9AI score0.00233EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/12/12 11:15 a.m.8 views

EUVD-2025-203077

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.2. This is due to missing nonce validation on the 'ayssccpresultsexportfile' AJAX action. This makes it possible for unauthenticated...

4.3CVSS4.3AI score0.00139EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/12/02 4:37 a.m.19 views

CVE-2025-13606 Export All Posts, Products, Orders, Refunds & Users <= 2.19 - Cross-Site Request Forgery to Sensitive Information Exposure

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.19. This is due to missing or incorrect nonce validation on the parseData function. This makes it possible for unauthenticated attackers...

6.5CVSS0.00138EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/26 7:58 a.m.13 views

CVE-2025-13414

The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to unauthorized data export due to a missing capability check on the cdashwatchforexport function in all versions up to, and including, 3.3.11. This makes it possible for unauthenticated attackers to export business...

5.3CVSS5.3AI score0.00245EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/25 7:28 a.m.9 views

EUVD-2025-199583

The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to unauthorized data export due to a missing capability check on the cdashwatchforexport function in all versions up to, and including, 3.3.11. This makes it possible for unauthenticated attackers to export business...

5.3CVSS4.9AI score0.00245EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/25 7:28 a.m.6 views

CVE-2025-13414 Chamber Dashboard Business Directory <= 3.3.11 - Missing Authorization to Unauthenticated Business Information Export

The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to unauthorized data export due to a missing capability check on the cdashwatchforexport function in all versions up to, and including, 3.3.11. This makes it possible for unauthenticated attackers to export business...

5.3CVSS4.9AI score0.00245EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/25 7:28 a.m.10 views

CVE-2025-13414 Chamber Dashboard Business Directory <= 3.3.11 - Missing Authorization to Unauthenticated Business Information Export

The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to unauthorized data export due to a missing capability check on the cdashwatchforexport function in all versions up to, and including, 3.3.11. This makes it possible for unauthenticated attackers to export business...

5.3CVSS0.00245EPSS
Exploits0References3
CVE
CVE
added 2025/11/25 7:28 a.m.22 views

CVE-2025-13414

CVE-2025-13414 affects the Chamber Dashboard Business Directory plugin for WordPress. The vulnerability arises from a missing capability check on the export function (cdash_watch_for_export), enabling unauthenticated attackers to export sensitive business-directory data. All versions up to and in...

5.3CVSS5AI score0.00245EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/22 6:31 a.m.5 views

EUVD-2025-35354

The NS Maintenance Mode for WP WordPress plugin through 1.3.1 lacks authorization in its subscriber export function allowing unauthenticated attackers to download a list of a site's subscribers containing their name and email address...

5.3CVSS6.4AI score0.00224EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/22 6:0 a.m.15 views

CVE-2025-10638 NS Maintenance Mode for WP <= 1.3.1 - Unauthenticated Subscribers Export

The NS Maintenance Mode for WP WordPress plugin through 1.3.1 lacks authorization in its subscriber export function allowing unauthenticated attackers to download a list of a site's subscribers containing their name and email address...

0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/22 12:0 a.m.7 views

WordPress plugin NS Maintenance Mode for WP 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A security...

5.3CVSS6.6AI score0.00224EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-34180

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.00588EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 8:49 p.m.7 views

CVE-2021-4353

The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1. This is due to missing authorization on the export function which makes makes it possible for unauthenticated attackers to export the plugin...

5.3CVSS5.9AI score0.00588EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/02/28 11:18 p.m.5 views

WordPress IP2Location Redirection plugin <= 1.33.3 - Missing Authorization to Unauthenticated Settings Export vulnerability

Missing Authorization to Unauthenticated Settings Export vulnerability discovered by Krzysztof Zając in WordPress Plugin IP2Location Redirection versions = 1.33.3...

5.3CVSS7AI score0.00275EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/01/30 7:41 a.m.7 views

WordPress Safe Ai Malware Protection for WP plugin <= 1.0.17 - Missing Authorization to Unauthenticated Database Export vulnerability

Missing Authorization to Unauthenticated Database Export vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin Safe Ai Malware Protection for WP versions = 1.0.17...

7.5CVSS6.9AI score0.00563EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/01/06 7:43 p.m.4 views

WordPress Export Import Menus plugin <= 1.9.1 - Missing Authorization to Unauthenticated Menu Export vulnerability

Missing Authorization to Unauthenticated Menu Export vulnerability discovered by BrokenAC ignore in WordPress Plugin Export Import Menus versions = 1.9.1...

5.3CVSS7AI score0.00343EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/11/21 11:15 a.m.4 views

CVE-2024-11334

The My Contador lesr plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportarregistros function in all versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to export user data...

5.3CVSS5.8AI score0.00596EPSS
Exploits0References3
Rows per page
Query Builder