Lucene search
K

4 matches found

CVE
CVE
added 2026/01/17 2:22 a.m.25 views

CVE-2025-14075

CVE-2025-14075 affects the WP Hotel Booking plugin for WordPress (versions up to and including 2.2.7). The vulnerability exposes the unauthenticated AJAX action hotel_booking_fetch_customer_info without proper capability checks, relying only on a nonce. This allows unauthenticated attackers to re...

5.3CVSS5.2AI score0.0026EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/11/05 9:27 a.m.2 views

CVE-2025-11987 Visual Link Preview <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via visual-link-preview Shortcode

The Visual Link Preview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's visual-link-preview shortcode in versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS4.8AI score0.00218EPSS
Exploits0References4
OSV
OSV
added 2024/01/16 4:15 p.m.6 views

CVE-2024-0235

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog...

5.3CVSS5.8AI score0.37957EPSS
Exploits3References1
CNVD
CNVD
added 2018/04/28 12:0 a.m.6 views

CMS Made Simple Information Disclosure Vulnerability (CNVD-2018-08918)

CMS Made Simple CMSMS is an open source content management system CMS developed by the CMSMS team. The system supports role-based rights management system , wizard-based installation and update mechanism , intelligent caching mechanism and so on. An information disclosure vulnerability exists in...

4.9CVSS6.4AI score0.01005EPSS
Exploits1References1
Rows per page
Query Builder