Lucene search
K

11 matches found

EUVD
EUVD
added 2026/06/16 4:30 a.m.14 views

EUVD-2026-37032

The Abandoned Contact Form 7 plugin for WordPress is vulnerable to unauthorized arbitrary post deletion in versions up to, and including, 2.2. This is due to a missing capability check and missing nonce validation in the actionremoveabandoned function, which is registered to both the...

5.3CVSS5.4AI score0.00228EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/25 8:25 a.m.5 views

CVE-2026-1916 WPGSI: Spreadsheet Integration <= 3.8.3 - Missing Authorization to Unauthenticated Arbitrary Post Creation and Deletion via Forged Base64 Token

The WPGSI: Spreadsheet Integration plugin for WordPress is vulnerable to unauthorized modification and loss of data due to missing capability checks and an insecure authentication mechanism on the wpgsicallBackFuncAccept and wpgsicallBackFuncUpdate REST API functions in all versions up to, and...

7.5CVSS5.7AI score0.00357EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/11/19 10:23 a.m.7 views

CVE-2025-11734

The Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization in all versions up to, and including, 1.2.5. This is due to the plugin registering a REST API endpoint that only...

5.4CVSS5.5AI score0.00198EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/18 12:30 p.m.4 views

EUVD-2025-197971

The Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization in all versions up to, and including, 1.2.5. This is due to the plugin registering a REST API endpoint that only...

5.4CVSS5AI score0.00198EPSS
Exploits0References3
NVD
NVD
added 2025/11/18 10:15 a.m.11 views

CVE-2025-11734

The Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization in all versions up to, and including, 1.2.5. This is due to the plugin registering a REST API endpoint that only...

5.4CVSS0.00198EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.8 views

PT-2025-47275

Name of the Vulnerable Software and Affected Versions Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links plugin for WordPress versions through 1.2.5 Description The plugin is susceptible to unauthorized post modification because of insufficient authorization checks. Th...

5.4CVSS6.6AI score0.00198EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-12103

Malicious code in bioql PyPI...

4.3CVSS7.8AI score0.0023EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/03/07 8:21 a.m.11 views

CVE-2024-12610 School Management System for Wordpress <= 93.0.0 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

The School Management System for Wordpress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'mjsmgtremovefeetype' and 'mjsmgtremovecategorynew' AJAX actions in all versions up to, and including, 93.0.0. This makes it possible for...

5.3CVSS0.00283EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/07 8:21 a.m.9 views

CVE-2024-12610 School Management System for Wordpress <= 93.0.0 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

The School Management System for Wordpress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'mjsmgtremovefeetype' and 'mjsmgtremovecategorynew' AJAX actions in all versions up to, and including, 93.0.0. This makes it possible for...

5.3CVSS7.1AI score0.00283EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/11/22 12:0 a.m.4 views

PT-2023-32084 · WordPress · Funnelforms Free

Name of the Vulnerable Software and Affected Versions: Funnelforms Free plugin for WordPress versions up to and including 3.4 Description: The issue allows authenticated attackers with subscriber-level permissions and above to modify data without proper authorization. This is due to a missing...

6.5CVSS5.4AI score0.00408EPSS
Exploits2References5
Cvelist
Cvelist
added 2010/04/23 2:0 p.m.21 views

CVE-2009-4801

EZ-Blog Beta 1 does not require authentication, which allows remote attackers to create or delete arbitrary posts via requests to PHP scripts...

6.9AI score0.02252EPSS
Exploits0References2
Rows per page
Query Builder