13 matches found

ATTACKERKB
added 2026/02/26 2:23 a.m., 4 views

CVE-2026-1779

The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the 'registermember' function. This makes it possible for unauthenticated attackers to log in a newly registered user ...

CVSS 8.1, AI score 5.3, EPSS 0.00335
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:7 p.m., 8 views

EUVD-2023-12819

Malicious code in bioql PyPI...

CVSS 6.5, AI score 7, EPSS 0.00769
Exploits: 2, References: 2

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2023-58916

Malicious code in bioql PyPI...

CVSS 6.5, AI score 8.8, EPSS 0.00525
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-12389

Malicious code in bioql PyPI...

CVSS 8.8, AI score 9, EPSS 0.00323
Exploits: 0, References: 3

Cvelist
added 2025/06/03 11:22 a.m., 15 views

CVE-2025-4671 Profile Builder <= 3.13.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via user_meta and compare Shortcodes

The Profile Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's usermeta and compare shortcodes in all versions up to, and including, 3.13.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4, EPSS 0.00238
Exploits: 0, References: 5

RedhatCVE
added 2025/04/27 7:0 a.m., 16 views

CVE-2025-2238

The Vikinger theme for WordPress is vulnerable to privilege in all versions up to, and including, 1.9.30. This is due to insufficient usermeta restrictions in the 'vikingerusermetaupdateajax' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 8.8, AI score 6.9, EPSS 0.00323
Exploits: 0, References: 1

NVD
added 2025/04/25 7:15 a.m., 17 views

CVE-2025-2238

The Vikinger theme for WordPress is vulnerable to privilege in all versions up to, and including, 1.9.30. This is due to insufficient usermeta restrictions in the 'vikingerusermetaupdateajax' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 8.8, EPSS 0.00323
Exploits: 0, References: 2

NVD
added 2024/04/09 7:15 p.m., 12 views

CVE-2023-6695

The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the 'wpbb' shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including arbitrary usermet...

CVSS 6.5, AI score 6.2, EPSS 0.00525
Exploits: 0, References: 2

CVE
added 2024/04/09 7:5 p.m., 56 views

CVE-2023-6695

Beaver Themer (WordPress) is associated with CVE-2023-6695 describing Sensitive Information Exposure via the wpbb shortcode in all versions up to and including 1.4.9. The vulnerability allows authenticated attackers with Contributor+ access to extract sensitive data, including arbitrary user_meta ...

CVSS 6.5, AI score 9, EPSS 0.00525
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2024/04/09 7:5 p.m., 16 views

CVE-2023-6695 Beaver Themer <= 1.4.9 - Authenticated (Contributor+) Sensitive Information Exposure via shortcode

The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the 'wpbb' shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including arbitrary usermet...

CVSS 6.5, AI score 6.4, EPSS 0.00525
Exploits: 0, References: 2

WPVulnDB
added 2024/04/03 12:0 a.m., 17 views

Beaver Themer < 1.4.9.1 - Authenticated (Contributor+) Sensitive Information Exposure via shortcode

Description: The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the 'wpbb' shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including...

CVSS 6.5, AI score 6.8, EPSS 0.00525
Exploits: 0, References: 1, Affected Software: 1

WPVulnDB
added 2024/02/26 12:0 a.m., 12 views

User Shortcodes Plus <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via user_meta Shortcode

Description: The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the usermeta shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

CVSS 5.3, AI score 6.3, EPSS 0.00472
Exploits: 0, References: 1

Prion
added 2023/02/14 2:15 a.m., 21 views

Information disclosure

The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the usermeta shortcode in versions up to, and including 3.9.0. This is due to insufficient restriction on sensitive user meta values that can be called via that...

CVSS 4, AI score 6.3, EPSS 0.00769
Exploits: 2, References: 2, Affected Software: 1