18 matches found

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2019-6182

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.02076
Exploits 1 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-16548

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.4 | EPSS 0.0034
Exploits 0 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2025-5122

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.7 | EPSS 0.00466
Exploits 0 | References 3

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-14372

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.7 | EPSS 0.00383
Exploits 0 | References 6

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-16545

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.5 | EPSS 0.00467
Exploits 0 | References 6

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2021-34171

Malicious code in bioql PyPI...

CVSS 6.4 | AI score 5.8 | EPSS 0.00467
Exploits 1 | References 2

Patchstack
added 2025/07/28 9:9 p.m. | 6 views

WordPress Hydra Booking plugin 1.1.0-1.1.18 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

Missing Authorization to Authenticated Subscriber+ Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin Hydra Booking versions 1.1.0-1.1.18...

CVSS 8.8 | AI score 6.7 | EPSS 0.00351
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2025/07/07 8:24 p.m. | 6 views

WordPress WP Human Resource Management plugin 2.0.0-2.2.17 - Missing Authorization to Authenticated (Employee+) Privilege Escalation vulnerability

Missing Authorization to Authenticated Employee+ Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin WP Human Resource Management versions 2.0.0-2.2.17...

CVSS 8.8 | AI score 6.7 | EPSS 0.00364
Exploits 0 | References 1 | Affected Software 1

RedhatCVE
added 2025/07/06 2:18 a.m. | 13 views

CVE-2025-5953

The WP Human Resource Management plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the ajaxinsertemployee and updateempoyee functions in versions 2.0.0 through 2.2.17. The AJAX handler reads the client-supplied $_POST['role'] and, after basic cleaning via...

CVSS 8.8 | AI score 6.2 | EPSS 0.00364
Exploits 0 | References 1

Patchstack
added 2025/07/04 8:53 a.m. | 26 views

WordPress Service Finder Booking plugin <= 6.1 - Privilege Escalation Vulnerability

Privilege Escalation Vulnerability discovered by Bonds in WordPress Plugin Service Finder Booking versions <= 6.1...

CVSS 9.8 | AI score 6.7 | EPSS 0.0069
Exploits 0 | Affected Software 1

NVD
added 2025/07/04 3:15 a.m. | 6 views

CVE-2025-5953

The WP Human Resource Management plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the ajaxinsertemployee and updateempoyee functions in versions 2.0.0 through 2.2.17. The AJAX handler reads the client-supplied $_POST['role'] and, after basic cleaning via...

CVSS 8.8 | EPSS 0.00364
Exploits 0 | References 5

CVE
added 2025/06/27 11:52 a.m. | 14 views

CVE-2025-32281

CVE-2025-32281 affects the WordPress plugin WPKit For Elementor, version

CVSS 4.3 | AI score 5.9 | EPSS 0.00128
Exploits 0 | References 1

Patchstack
added 2025/06/23 8:58 a.m. | 2 views

WordPress WPKit For Elementor plugin <= 1.1.0 - Arbitrary Option Update to Privilege Escalation vulnerability

Arbitrary Option Update to Privilege Escalation vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WPKit For Elementor versions <= 1.1.0...

CVSS 9.8 | AI score 6.8 | EPSS 0.00128
Exploits 0 | Affected Software 1

NVD
added 2025/05/31 7:15 a.m. | 15 views

CVE-2025-4631

The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the stocktendobject endpoint in versions 2.0.6.0 to 2.1.1.3. This makes it possible to trigger the saveobjectasuser function for objects whose 'datatype' is set to 'users'. This allows...

CVSS 9.8 | EPSS 0.00596
Exploits 1 | References 6

Patchstack
added 2025/05/30 9:19 p.m. | 8 views

WordPress WP-GeoMeta plugin 0.3.4-0.3.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via wp_ajax_wpgm_start_geojson_import Function vulnerability

Missing Authorization to Authenticated Subscriber+ Privilege Escalation via wp_ajax_wpgm_start_geojson_import Function vulnerability discovered by kr0d in WordPress Plugin WP-GeoMeta versions 0.3.4-0.3.5...

CVSS 8.8 | AI score 6.7 | EPSS 0.0034
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2025/04/14 1:31 p.m. | 2 views

WordPress Email Notifications for Updates <= 1.1.6 - Privilege Escalation Vulnerability

Privilege Escalation Vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Email Notifications for Updates versions <= 1.1.6...

CVSS 8.8 | AI score 6.8 | EPSS 0.00302
Exploits 0 | Affected Software 1

CVE
added 2025/04/04 4:21 a.m. | 99 views

CVE-2025-2075

The CVE concerns the WordPress plugin Uncanny Automator (versions up to and including 6.3.0.2). The root cause is missing capability checks in add_role() and user_role() performed through validate_rest_call(), enabling privilege escalation to administrator. Attackers with an active account can el...

CVSS 8.8 | AI score 7 | EPSS 0.02245
Exploits 0 | References 3 | Affected Software 1

Vulnrichment
added 2024/12/12 3:23 a.m. | 8 views

CVE-2024-11443 de:branding <= 1.0.2 - Authenticated (Subscriber+) Arbitrary Options Update

The de:branding plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the debrandingsave function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with...

CVSS 8.8 | AI score 7.2 | EPSS 0.0049
Exploits 0 | References 3