Lucene search
K

10 matches found

EUVD
EUVD
added 2026/04/22 9:31 a.m.7 views

EUVD-2026-24664

The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.1. This is due to missing nonce validation in the plugin's settings page handler admin/setting.php. The settings form does not include a wpnoncefield and the form processing code...

4.3CVSS5.7AI score0.00178EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.6 views

CVE-2026-2294

The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'uipsaveglobalsettings' function in all versions up to, and including, 3.5.09. This makes it possible for...

4.3CVSS5.9AI score0.00192EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2022-34790

Malicious code in bioql PyPI...

7.5CVSS6.5AI score0.01369EPSS
Exploits4References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-44377

Malicious code in bioql PyPI...

6.5CVSS5.6AI score0.00454EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/06 3:22 a.m.8 views

CVE-2025-7040 Cloud SAML SSO <= 1.0.19 - Missing Authorization to Unauthenticated Settings Modification via set_organization_settings Action

The Cloud SAML SSO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setorganizationsettings' action of the cssohandleactions function in all versions up to, and including, 1.0.19. The handler reads client-supplied POST parameters fo...

8.2CVSS4.9AI score0.00258EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/22 5:42 p.m.6 views

CVE-2020-5641

Cross-site request forgery CSRF vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators and the product's settings may be changed without the user's intention or consent via unspecified vectors...

6.5CVSS7.6AI score0.00628EPSS
Exploits0References1
NVD
NVD
added 2025/02/15 9:15 a.m.7 views

CVE-2025-0935

The Media Library Folders plugin for WordPress is vulnerable to unauthorized plugin settings change due to a missing capability check on several AJAX actions in all versions up to, and including, 8.3.0. This makes it possible for authenticated attackers, with Author-level access and above, to...

4.3CVSS0.0031EPSS
Exploits0References5
CVE
CVE
added 2025/02/15 8:25 a.m.68 views

CVE-2025-0935

CVE-2025-0935 concerns the WordPress plugin Media Library Folders (versions up to and including 8.3.0). The issue is a missing capability check on several AJAX actions, allowing authenticated attackers with Author-level access or higher to change plugin settings (e.g., IP-blocking). Impact is una...

4.3CVSS6.7AI score0.0031EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/08/31 6:15 a.m.2 views

CVE-2023-2352

The CHP Ads Block Detector plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.9.4. This is due to missing or incorrect nonce validation on the chpabdaction function. This makes it possible for unauthenticated attackers to update or reset plugin...

4.3CVSS6.6AI score0.00298EPSS
Exploits0References5
Patchstack
Patchstack
added 2022/07/25 12:0 a.m.26 views

WordPress Transposh WordPress Translation plugin <= 1.0.8.1 - Unauthorized Settings Change vulnerability

Unauthorized Settings Change vulnerability discovered by Julien Ahrens in WordPress Transposh WordPress Translation plugin versions = 1.0.8.1. Solution Deactivate and delete. This plugin has been closed as of February 7, 2022 and is not available for download. Reason: Security Issue...

5.3CVSS2.4AI score0.03508EPSS
Exploits6References1Affected Software1
Rows per page
Query Builder