5.4

CVSS3.1

CVE-2026-2879 - GetGenie <= 4.3.2 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Post Over…

The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2. This is due to missing validation on the `id` parameter in the `create()` method of the `GetGenieChat` REST API endpoint. The method accepts a user-controlled post ID and…

📅 Published: March 13, 2026, 8:25 a.m. 🔄 Last Modified: March 13, 2026, 8:25 a.m.

6.4

CVSS3.1

CVE-2026-2257 - GetGenie <= 4.3.2 - Insecure Direct Object Reference to Authenticated (Author+) Stored Cross-Site S…

The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2 due to missing validation on a user controlled key in the `action` function. This makes it possible for authenticated attackers, with Author-level access and above, to upd…

📅 Published: March 13, 2026, 8:25 a.m. 🔄 Last Modified: March 13, 2026, 8:25 a.m.

7.2

CVSS3.1

CVE-2026-3873 - Legacy built-in user account

Use of Hard-coded Credentials vulnerability in Avantra Avantra allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Avantra: before 25.3.0.

📅 Published: March 13, 2026, 8:14 a.m. 🔄 Last Modified: March 13, 2026, 8:14 a.m.

7.5

CVSS3.1

CVE-2026-2890 - Formidable Forms <= 6.28 - Missing Authorization to Unauthenticated Payment Integrity Bypass via Pa…

The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all versions up to, and including, 6.28. This is due to the Stripe Link return handler (`handle_one_time_stripe_link_return_url`) marking payment records as complete based solely on the Stripe PaymentIntent sta…

📅 Published: March 13, 2026, 7:23 a.m. 🔄 Last Modified: March 13, 2026, 7:23 a.m.

4.3

CVSS3.1

CVE-2026-1704 - Appointment Booking Calendar <= 1.6.9.29 - Insecure Direct Object Reference to Authenticated (Staff…

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.9.29. This is due to the `get_item_permissions_check` method granting access to users with the `ssa_manage_…

📅 Published: March 13, 2026, 7:23 a.m. 🔄 Last Modified: March 13, 2026, 7:23 a.m.

7.5

CVSS3.1

CVE-2026-3045 - Appointment Booking Calendar <= 1.6.9.29 - Missing Authorization to Unauthenticated Sensitive Infor…

The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. This is due to two compounding weaknesses: (1) a non-user-bound `public_nonce` is exposed to unauthenticated user…

📅 Published: March 13, 2026, 7:23 a.m. 🔄 Last Modified: March 13, 2026, 7:23 a.m.

9.8

CVSS3.1

CVE-2026-3891 - Pix for WooCommerce <= 1.5.0 - Unauthenticated Arbitrary File Upload

The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lkn_pix_for_woocommerce_c6_save_settings' function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated at…

📅 Published: March 13, 2026, 7:23 a.m. 🔄 Last Modified: March 13, 2026, 7:23 a.m.

6.9

CVSS4.0

CVE-2025-15515 -

The authentication mechanism for a specific feature in the EasyShare module contains a vulnerability. If specific conditions are met on a local network, it can cause data leakage.

📅 Published: March 13, 2026, 6:43 a.m. 🔄 Last Modified: March 13, 2026, 6:43 a.m.

6.4

CVSS3.1

CVE-2025-57849 - Fuse: privilege escalation via excessive /etc/passwd permissions

A container privilege escalation flaw was found in certain Fuse images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can …

📅 Published: March 13, 2026, 3:08 a.m. 🔄 Last Modified: March 13, 2026, 3:08 a.m.

6.4

CVSS3.1

CVE-2025-8766 - Noobaa-core: excessive permissions of /etc could lead to escalation of privilege in the noobaa-core…

A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, ev…

📅 Published: March 13, 2026, 2:48 a.m. 🔄 Last Modified: March 13, 2026, 2:48 a.m.