Lucene search
K

10 matches found

EUVD
EUVD
added 2026/06/27 4:30 a.m.9 views

EUVD-2026-39943

The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravelinvoiceeditaccount AJAX action in versions up to, and including, 1.0.0. The handler is exposed via wpajaxnoprivpravelinvoiceeditaccount, accepts an attacker-controlled...

9.8CVSS5.8AI score0.00662EPSS
Exploits0References4
NVD
NVD
added 2025/12/12 4:15 a.m.5 views

CVE-2025-12963

The LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.2.29. This is due to the plugin not properly validating a user's identity via the...

9.8CVSS0.00311EPSS
Exploits0References2
CVE
CVE
added 2025/05/02 1:43 a.m.79 views

CVE-2025-3746

CVE-2025-3746 affects the WordPress plugin “OTP-less one tap Sign in” (versions 2.0.14–2.0.59). The root cause is improper user identity validation before updating user details (e.g., email). This allows unauthenticated attackers to change arbitrary users’ emails (including admins), potentially r...

9.8CVSS10AI score0.00477EPSS
Exploits0References2
NVD
NVD
added 2025/02/18 5:15 a.m.14 views

CVE-2024-13677

The GetBookingsWP – Appointments Booking Calendar Plugin For WordPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.27. This is due to the plugin not properly validating a user's identity prior to updating their details...

8.8CVSS0.0048EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/25 6:42 a.m.27 views

CVE-2024-11281 WooCommerce Point of Sale <= 6.1.0 - Insecure Direct Object Reference to Privilege Escalation via Arbitrary User Email Change

The WooCommerce Point of Sale plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0. This is due to insufficient validation on the 'loggedinuserid' value when option values are empty and the ability for attackers to change the email of arbitrary us...

9.8CVSS0.01484EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/12/24 10:14 p.m.5 views

WordPress WooCommerce Point of Sale plugin <= 6.1.0 - Insecure Direct Object Reference to Privilege Escalation via Arbitrary User Email Change vulnerability

Insecure Direct Object Reference to Privilege Escalation via Arbitrary User Email Change vulnerability discovered by Tonn in WordPress Plugin WooCommerce Point of Sale versions = 6.1.0...

9.8CVSS7AI score0.01484EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/12/18 3:22 a.m.20 views

CVE-2024-12259 CRM WordPress Plugin – RepairBuddy <= 3.8120 - Missing Authorization to Account Takeover/Privilege Escalation

The CRM WordPress Plugin – RepairBuddy plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.8120. This is due to the plugin not properly validating a user's identity prior to updating their email through the wcupdateuserdata AJAX...

8.8CVSS0.005EPSS
Exploits0References4
OSV
OSV
added 2024/03/12 8:24 a.m.27 views

BIT-GRAFANA-2023-6152

A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verifyemailenabled" will only validate email only on sign up...

5.4CVSS6AI score0.01385EPSS
Exploits1References4
NVD
NVD
added 2024/02/13 10:15 p.m.23 views

CVE-2023-6152

A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verifyemailenabled" will only validate email only on sign up...

5.4CVSS5.8AI score0.01385EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/02/13 9:38 p.m.59 views

CVE-2023-6152

A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verifyemailenabled" will only validate email only on sign up...

5.4CVSS5.8AI score0.01385EPSS
Exploits1References2
Rows per page
Query Builder