CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-28080 Missing Authorization vulnerability in Rank Math Rank Math SEO PRO allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rank Math SEO PRO: from n/a through 3.0.95... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-23810 A vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame that causes an Access Point (AP) to classify the frame as group-address... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-23811 A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 (L2) communication restrictions between clients and redirect traffic at Layer 3 (L3). In addition to bypassing... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-23812 A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1215 The MMA Call Tracking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.15. This is due to missing nonce validation when saving plugin configur... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-36758 A Server-Side Request Forgery (SSRF) in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-32456 Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin Menu Editor admin-menu-editor allows Cross Site Request Forgery. This issue affects Admin Menu Editor: from n/a through <= 1.14.1. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-3982 A vulnerability was determined in itsourcecode University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_result.php. Executing a manipulation of th... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-29049 melange allows users to build apk packages using declarative pipelines. In version 0.40.5 and prior, melange update-cache downloads URIs from build configs via io.Copy without any size limit or HTTP c... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-54222 Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Accelerator seraphinite-accelerator allows Retrieve Embedded Sensitive Data. This issue affects Seraphinite Accelerator: from n/... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-32407 Missing Authorization vulnerability in WPClever WPC Smart Wishlist for WooCommerce woo-smart-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPC Sma... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-42645 Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders all... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-25916 Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2230 The Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 10.14.14 via the handle_ajax_save function due to missing validation o... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-32406 Missing Authorization vulnerability in WPClever WPC Product Bundles for WooCommerce woo-product-bundle allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPC Pr... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-25420 Missing Authorization vulnerability in MailerLite MailerLite official-mailerlite-sign-up-forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MailerLite: fr... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-25416 Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects News K... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-25363 Missing Authorization vulnerability in FooPlugins FooGallery foogallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FooGallery: from n/a through <= 3.1.1... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-42648 Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spectra: from n... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1128 The WP eCommerce WordPress plugin through 3.15.1 does not have CSRF check in place when deleting coupons, which could allow attackers to make a logged in admin remove them via a CSRF attack | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1860 The Kali Forms plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.8. This is due to the `get_items_permissions_check()` permission callbac... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-25411 Cross-Site Request Forgery (CSRF) vulnerability in themastercut Revision Manager TMC revision-manager-tmc allows Cross Site Request Forgery. This issue affects Revision Manager TMC: from n/a through <=... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-3906 WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature (block-level collaboration annotations) was introduced in WordPress 6.9 to allow editorial comments... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-25410 Missing Authorization vulnerability in tstephenson WP-CORS wp-cors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP-CORS: from n/a through <= 0.2.2. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-25409 Missing Authorization vulnerability in crgeary JAMstack Deployments wp-jamstack-deployments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JAMstack Deployme... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1087 The Guardian News Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the settings update functi... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1086 The Font Pairing Preview For Landing Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing nonce validation on the se... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1085 The True Ranker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.9. This is due to missing nonce validation on the seolocalrank-signout action... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1073 The Purchase Button For Affiliate Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing nonce validation on the sett... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-25313 Missing Authorization vulnerability in Shahjahan Jewel FluentForm fluentform allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FluentForm: from n/a through <= ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-33326 Keystone is a content management system for Node.js. Prior to version 6.5.2, {field}.isFilterable access control can be bypassed in findMany queries by passing a cursor. This can be used to confirm th... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-39985 LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, the redirect ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1655 The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the save_frontend_... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1857 The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.6.1. This is due to insufficient validation of the ... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-14342 The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sq_ajax_uninstall function in all versions up to, and in... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-4138 The DX Unanswered Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing nonce validation on the plugin's settings ... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-59544 Chamilo is a learning management system. Prior to version 1.11.34, the functionality for the user to update the category does not implement authorization checks for the "category_id" parameter which a... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-58922 Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross Site Request Forgery. This issue affects Avada: from n/a before 7.13.2. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1930 The Emailchef plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the page_options_ajax_disconnect() function in all versions up to, and includ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-3236 In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting in the new API key having a lifetime exceeding the original API key used to mint ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1925 The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'update_template_data' function in al... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-14167 The Remove Post Type Slug plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to incorrect nonce validation logic that uses OR (||... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-4140 The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.1.6. This is due to missing nonce validation in the ni_order_expo... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-4139 The mCatFilter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.5.2. This is due to the complete absence of nonce verification and capability chec... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-4133 The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.7. This is due to missing nonce validation in the imTextP2POptionPage(... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-27723 OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly aut... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-13438 The Page Title, Description & Open Graph Updater plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.02. This is due to missing nonce validation on... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-12884 The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.0.14. This is due to the plugin not properly verifying that a use... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-12172 The Mailchimp List Subscribe Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation on ... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-12081 The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the "acf_photo_gallery_edit_save" function in all versions up t... | 4.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.