Lucene search
K

46 matches found

CNNVD
CNNVD
added 2026/03/18 12:0 a.m.18 views

WordPress plugin KiviCare 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.2CVSS5.8AI score0.00248EPSS
Exploits0References4
NVD
NVD
added 2026/01/20 5:16 a.m.12 views

CVE-2025-14977

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.2.4 via the /wp-json/dokan/v1/settings REST API endpoint due to missing validation on a...

8.1CVSS0.00265EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/03 7:7 a.m.9 views

CVE-2025-14072

The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid access tokens via the REST API which can then be used to read form submissions...

5.3CVSS6.9AI score0.00298EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/16 5:25 a.m.6 views

EUVD-2025-203498

The Dokan Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /dokan/v1/wholesale/register REST API endpoint in all versions up to, and including, 4.1.3. This makes it possible for unauthenticated attackers to enumerate users and retrieve...

5.3CVSS4.7AI score0.00205EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/21 5:32 a.m.9 views

CVE-2025-11368 LearnPress – WordPress LMS Plugin <= 4.2.9.4 - Missing Authorization to Unauthenticated Arbitrary Callback Execution to Information Exposure

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 4.2.9.4. This is due to missing capability checks in the REST endpoint /wp-json/lp/v1/loadcontentviaajax which allows arbitrary callback execution of...

5.3CVSS0.00934EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/11/20 9:37 p.m.10 views

CVE-2025-12777

The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.10.0. This is due to the plugin not properly verifying that a user is authorized to perform actions on the REST API /wp-json/yith/wishlist/v1/lists endpoint which uses...

5.3CVSS5.7AI score0.00277EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.10 views

PT-2025-46246

Name of the Vulnerable Software and Affected Versions Auto Amazon Links – Amazon Associates Affiliate Plugin versions prior to 5.4.4 Description The Auto Amazon Links – Amazon Associates Affiliate Plugin for WordPress is susceptible to unauthorized access to arbitrary files. This is possible...

7.5CVSS6.4AI score0.00447EPSS
Exploits0References6
CVE
CVE
added 2025/11/08 9:28 a.m.29 views

CVE-2025-12399

Summary: CVE-2025-12399 affects the WordPress plugin “Alex Reservations: Smart Restaurant Booking” up to version 2.2.3. The vulnerability stems from missing file type validation in the REST endpoint /wp-json/srr/v1/app/upload/file, enabling authenticated attackers with Administrator-level access ...

7.2CVSS7AI score0.00629EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/10/04 11:53 a.m.17 views

CVE-2025-9209

The RestroPress – Online Food Ordering System plugin for WordPress is vulnerable to Authentication Bypass in versions 3.0.0 to 3.1.9.2. This is due to the plugin exposing user private tokens and API data via the /wp-json/wp/v2/users REST API endpoint. This makes it possible for unauthenticated...

9.8CVSS6.4AI score0.02196EPSS
Exploits6References1
Vulnrichment
Vulnrichment
added 2025/09/18 6:0 a.m.5 views

CVE-2025-5305 Password Reset with Code < 0.0.17 - Insecure Password Reset Code Creation

The Password Reset with Code for WordPress REST API WordPress plugin before 0.0.17 does not use cryptographically sound algorithms to generate OTP codes, potentially leading to account takeovers...

6.4AI score0.00219EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2019-20043

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a...

5CVSS6.7AI score0.02475EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/16 11:25 a.m.6 views

CVE-2025-52716

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Acato WP REST Cache wp-rest-cache allows PHP Local File Inclusion.This issue affects WP REST Cache: from n/a through = 2025.1.0...

7.5CVSS5.9AI score0.00417EPSS
Exploits0References1
CVE
CVE
added 2025/08/14 10:34 a.m.15 views

CVE-2025-52716

CVE-2025-52716 concerns the WordPress plugin WP REST Cache prior to or up to version 2025.1.0. The vulnerability is an improper control of filenames for include/require statements, enabling local file inclusion (LFI) via the PHP runtime. Affected products are WP REST Cache (WordPress plugin); no ...

7.5CVSS5.9AI score0.00417EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/14 10:34 a.m.2 views

CVE-2025-52716 WordPress WP REST Cache <= 2025.1.0 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Acato WP REST Cache allows PHP Local File Inclusion. This issue affects WP REST Cache: from n/a through 2025.1.0...

7.5CVSS7.4AI score0.00417EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/06/13 6:41 a.m.35 views

WordPress REST API | Custom API Generator For Cross Platform And Import Export In WP plugin <= 2.0.3 - Missing Authorization to Unauthenticated Privilege Escalation via process_handler Function vulnerability

Missing Authorization to Unauthenticated Privilege Escalation via processhandler Function vulnerability discovered by kr0d in WordPress Plugin REST API | Custom API Generator For Cross Platform And Import Export In WP versions = 2.0.3...

9.8CVSS6.7AI score0.00532EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 4:37 a.m.9 views

CVE-2023-35039

Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse.This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15...

9.8CVSS8.7AI score0.00857EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/16 12:44 p.m.13 views

CVE-2025-39545 WordPress WordPress REST API Authentication <= 3.6.3 - Settings Change Vulnerability

Missing Authorization vulnerability in miniOrange WordPress REST API Authentication allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress REST API Authentication: from n/a through 3.6.3...

5.4CVSS7.2AI score0.0047EPSS
Exploits0References1
OSV
OSV
added 2024/12/31 6:15 a.m.6 views

CVE-2024-11972

The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin...

9.8CVSS5.9AI score0.54754EPSS
Exploits5References1
OSV
OSV
added 2024/10/20 8:15 a.m.6 views

CVE-2024-49328

Authentication Bypass Using an Alternate Path or Channel vulnerability in Vivek Tamrakar WP REST API FNS allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through 1.0.0...

9.8CVSS5.8AI score0.01461EPSS
Exploits2References1
OSV
OSV
added 2023/12/07 12:15 p.m.6 views

CVE-2023-35039

Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse.This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15...

9.8CVSS7.3AI score0.00857EPSS
Exploits0References1
Rows per page
Query Builder