Lucene search
+L

8 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/04 8:25 a.m.6 views

CVE-2025-15260

The MyRewards – Loyalty Points and Rewards for WooCommerce plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 5.6.0. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'ajax' function. This makes it...

6.5CVSS5.5AI score0.00274EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2025/05/23 2:43 a.m.6 views

CVE-2023-5533

The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes it possible for unauthenticated attackers to perform some of those actions tha...

9.8CVSS5.9AI score0.00531EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:4 p.m.10 views

CVE-2021-24635

The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user such as subscriber to call them and 1 Get and search through title and content of Draft post, ...

5.5CVSS6.7AI score0.00635EPSS
Exploits2References1
CNNVD
CNNVD
added 2024/02/27 12:0 a.m.7 views

WordPress plugin Smart Forms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

6.1CVSS6.4AI score0.00217EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2023/10/20 7:29 a.m.12 views

CVE-2023-5533

The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes it possible for unauthenticated attackers to perform some of those actions tha...

5.3CVSS9.2AI score0.00531EPSS
Exploits0References2
NVD
NVD
added 2023/03/20 4:15 p.m.28 views

CVE-2023-0876

The WP Meta SEO WordPress plugin before 4.5.3 does not authorize several ajax actions, allowing low-privilege users to make updates to certain data and leading to an arbitrary redirect vulnerability...

6.1CVSS6.3AI score0.00713EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/02/24 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-0876

The WP Meta SEO WordPress plugin before 4.5.3 does not authorize several ajax actions, allowing low-privilege users to make updates to certain data and leading to an arbitrary redirect vulnerability...

6.1CVSS6.5AI score0.00713EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2022/04/17 12:0 a.m.10 views

PT-2022-13802 · WordPress · Elementor Website Builder

Name of the Vulnerable Software and Affected Versions: Elementor Website Builder plugin for WordPress versions 3.6.0 through 3.6.2 Description: The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in t...

8.8CVSS8.7AI score0.92658EPSS
Exploits10References15
Rows per page
Query Builder