Lucene search
K

93 matches found

Nuclei
Nuclei
added yesterday17 views

HyperComments <= 1.2.2 - Arbitrary Options Update

The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hcrequesthandler function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to...

8.8CVSS6.2AI score0.01718EPSS
Exploits4References2
EUVD
EUVD
added 6 days ago4 views

EUVD-2026-42247

Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.manifest INSERT policy that allows read-only org members to insert OTA manifest rows. Attackers with read-only org access can inject malicious manifest entries with arbitrary s3path values that are served to device...

7.1CVSS6AI score0.00203EPSS
Exploits0References2
CVE
CVE
added 6 days ago7 views

CVE-2026-56220

Capgo before version 12.128.2 contains an authorization bypass in the public.manifest INSERT policy that lets read-only org members insert OTA manifest rows. Attackers with read-only org access can inject malicious manifest entries with arbitrary s3_path values, which are served to devices via th...

7.1CVSS6AI score0.00203EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42173

The Wp Js Detect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.9. This is due to missing or incorrect nonce validation on the pluginsettings function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.9AI score0.00128EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 6 days ago5 views

Juniper Junos OS Vulnerability (JSA110073)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA110073 advisory. - An Improper Check for Unusual or Exceptional Conditions vulnerability in the advanced forwarding toolkit evo-aftmand of Juniper Networks Junos OS Evolved on PTX Series...

8.2CVSS6.1AI score0.00405EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:33 a.m.8 views

CVE-2026-9724

The MotorDesk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the motordeskadminhome function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.8AI score0.00145EPSS
Exploits0References6
CVE
CVE
added 2026/06/24 5:33 a.m.9 views

CVE-2026-9724

The CVE concerns the MotorDesk WordPress plugin up to version 1.1.2 . It is vulnerable to Cross-Site Request Forgery (CSRF) due to missing/incorrect nonce validation on the function motordesk_admin_home . This allows unauthenticated attackers to modify the plugin’s configuration, including the se...

4.3CVSS5.8AI score0.00145EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/23 12:13 p.m.34 views

CVE-2026-56322 Capgo - Information Disclosure via Unauthenticated /updates defaultChannel Parameter

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /updates endpoint that resolves the defaultChannel parameter before enforcing privacy restrictions, allowing attackers to enumerate private channels and leak version/config state. Unauthenticated attacke...

8.7CVSS0.00334EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 3:41 a.m.12 views

EUVD-2026-35314

The jQuery Hover Footnotes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the jqFootnotesoptionssubpanel function. This makes it possible for unauthenticated attackers to update th...

4.3CVSS5.5AI score0.00145EPSS
Exploits0References4
CVE
CVE
added 2026/06/09 3:41 a.m.19 views

CVE-2026-10553

CVE-2026-10553 affects the WordPress plugin jquery-hover-footnotes (≤ 1.4) . The root cause is missing/incorrect nonce validation in the jqFootnotes_options_subpanel function, enabling unauthenticated actors to update the plugin’s settings. Updated option values (e.g., jqfoot_anchor_open, jqfoot_...

4.3CVSS5.5AI score0.00145EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.10 views

CVE-2026-1900

The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates...

6.5CVSS5.5AI score0.00186EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.9 views

CVE-2026-4003

The Users manager – PN plugin for WordPress is vulnerable to Privilege Escalation via Arbitrary User Meta Update in all versions up to and including 1.1.15. This is due to a flawed authorization logic check in the userspnajaxnoprivserver function within the 'userspnformsave' case. The conditional...

9.8CVSS5.8AI score0.00889EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 5:31 a.m.35 views

CVE-2026-8708 Genzel breadcrumbs <= 1.2 - Cross-Site Request Forgery to Settings Update via Plugin Settings Page

The Genzel breadcrumbs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the optionspage function. This makes it possible for unauthenticated attackers to update the plugin's breadcru...

4.3CVSS0.00128EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/27 5:31 a.m.17 views

EUVD-2026-32090

The Genzel breadcrumbs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the optionspage function. This makes it possible for unauthenticated attackers to update the plugin's breadcru...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/22 7:45 a.m.3 views

CVE-2026-4133 TextP2P Texting Widget <= 1.7 - Cross-Site Request Forgery to Settings Update

The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.7. This is due to missing nonce validation in the imTextP2POptionPage function which processes settings updates. The form at line 314 does not include a wpnoncefield,...

4.3CVSS5.7AI score0.00156EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/04/16 9:28 a.m.8 views

WordPress Riaxe Product Customizer plugin <= 2.1.2 - Missing Authorization to Unauthenticated Arbitrary Options Update to Privilege Escalation via 'install-imprint' AJAX Action vulnerability

Missing Authorization to Unauthenticated Arbitrary Options Update to Privilege Escalation via 'install-imprint' AJAX Action vulnerability discovered by Kai Aizen in WordPress Plugin Riaxe Product Customizer versions = 2.1.2...

9.8CVSS5.8AI score0.00789EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/08 12:16 p.m.7 views

CVE-2026-1672

The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the wooberedrawtablerow function. This makes it possibl...

6.5CVSS0.00176EPSS
Exploits0References4
NVD
NVD
added 2026/04/08 5:16 a.m.11 views

CVE-2026-4003

The Users manager – PN plugin for WordPress is vulnerable to Privilege Escalation via Arbitrary User Meta Update in all versions up to and including 1.1.15. This is due to a flawed authorization logic check in the userspnajaxnoprivserver function within the 'userspnformsave' case. The conditional...

9.8CVSS0.00889EPSS
Exploits0References12
NVD
NVD
added 2026/04/07 7:16 a.m.5 views

CVE-2026-1900

The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates...

6.5CVSS0.00186EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/07 6:0 a.m.5 views

CVE-2026-1900

The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates...

5.9AI score0.00186EPSS
Exploits1References1
Rows per page
Query Builder