Lucene search
K

4 matches found

NVD
NVD
added 2026/06/24 7:16 a.m.8 views

CVE-2026-10552

The Blue Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 2.0.1. This is due to missing or incorrect nonce validation on the main admin panel blcapmainpage and on the Hall of Shame and Log subpages, which accept a 'blcapaction' / 'action'...

4.3CVSS0.00146EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:33 a.m.8 views

CVE-2026-10552

The Blue Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 2.0.1. This is due to missing or incorrect nonce validation on the main admin panel blcapmainpage and on the Hall of Shame and Log subpages, which accept a 'blcapaction' / 'action'...

4.3CVSS5.9AI score0.00146EPSS
Exploits0References7
CVE
CVE
added 2026/02/18 9:10 p.m.13 views

CVE-2026-27181

MajorDoMo is affected by an unauthenticated module-uninstall vulnerability via the market endpoint. The market/admin flow reads gr('mode') from $_REQUEST and sets $this->mode before authentication, making all mode-gated paths reachable through /objects/?module=market. The uninstall handler cal...

8.7CVSS5.8AI score0.00708EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.7 views

PT-2026-20517

MajorDoMo aka Major Domestic Module allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin method reads gr'mode' from $ REQUEST and assigns it to $this-mode at the start of execution, making all mode-gated code paths reachable without...

8.7CVSS5.8AI score0.00708EPSS
Exploits1References3
Rows per page
Query Builder