Lucene search
K

266218 matches found

Cvelist
Cvelist
added 11 hours ago4 views

CVE-2026-57787 WordPress CWS SVGicons plugin <= 1.5.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CreativeWS CWS SVGicons cws-svgicons allows Blind SQL Injection.This issue affects CWS SVGicons: from n/a through = 1.5.5...

8.5CVSS
Exploits0References1
Cvelist
Cvelist
added 11 hours ago4 views

CVE-2026-61975 WordPress JetReviews plugin <= 3.0.1 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetReviews jet-reviews allows Retrieve Embedded Sensitive Data.This issue affects JetReviews: from n/a through = 3.0.1...

5.3CVSS
Exploits0References1
Cvelist
Cvelist
added 11 hours ago4 views

CVE-2026-61971 WordPress User Profile Picture plugin <= 2.6.3 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture metronet-profile-picture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Profile Picture: from n/a through = 2.6.3...

2.7CVSS
Exploits0References1
Cvelist
Cvelist
added 11 hours ago5 views

CVE-2026-59521 WordPress Real Testimonials plugin <= 3.1.15 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC Real Testimonials testimonial-free allows Object Injection.This issue affects Real Testimonials: from n/a through = 3.1.15...

7.2CVSS
Exploits0References1
Cvelist
Cvelist
added 11 hours ago5 views

CVE-2026-61970 WordPress Auto Featured Image (Auto Post Thumbnail) plugin <= 5.0.4 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in Themeisle Auto Featured Image Auto Post Thumbnail auto-post-thumbnail allows Server Side Request Forgery.This issue affects Auto Featured Image Auto Post Thumbnail: from n/a through = 5.0.4...

4.9CVSS
Exploits0References1
Cvelist
Cvelist
added 11 hours ago3 views

CVE-2026-61956 WordPress ووسلام – همگام سازی ووکامرس و باسلام plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in hamsalam ووسلام همگام سازی ووکامرس و باسلام sync-basalam allows Cross Site Request Forgery.This issue affects ووسلام همگام سازی ووکامرس و باسلام: from n/a through = 1.9.1...

7.1CVSS
Exploits0References1
Cvelist
Cvelist
added 11 hours ago4 views

CVE-2026-61983 WordPress Church Admin plugin <= 5.0.30 - Broken Access Control vulnerability

Missing Authorization vulnerability in andymoyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through = 5.0.30...

5.3CVSS
Exploits0References1
Cvelist
Cvelist
added 11 hours ago6 views

CVE-2026-57805 WordPress Tonda theme <= 2.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Tonda tonda allows PHP Local File Inclusion.This issue affects Tonda: from n/a through = 2.5...

7.5CVSS
Exploits0References1
Cvelist
Cvelist
added 11 hours ago4 views

CVE-2026-59516 WordPress ICS Calendar plugin <= 12.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Reflected XSS.This issue affects ICS Calendar: from n/a through = 12.1.1...

7.1CVSS
Exploits0References1
Cvelist
Cvelist
added 11 hours ago6 views

CVE-2026-59523 WordPress Simply Schedule Appointments plugin <= 1.6.11.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.11.11...

6.5CVSS
Exploits0References1
Cvelist
Cvelist
added 11 hours ago4 views

CVE-2026-61955 WordPress گرویتی فرم فارسی plugin <= 3.0.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Hannan گرویتی فرم فارسی persian-gravity-forms allows Blind SQL Injection.This issue affects گرویتی فرم فارسی: from n/a through = 3.0.2...

7.6CVSS
Exploits0References1
Cvelist
Cvelist
added 11 hours ago4 views

CVE-2026-61968 WordPress myCred plugin <= 3.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through = 3.1.2...

5.4CVSS
Exploits0References1
Cvelist
Cvelist
added 11 hours ago7 views

CVE-2026-61976 WordPress JetBlocks For Elementor plugin <= 1.5.0 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Retrieve Embedded Sensitive Data.This issue affects JetBlocks For Elementor: from n/a through = 1.5.0...

5.3CVSS
Exploits0References1
Cvelist
Cvelist
added 11 hours ago6 views

CVE-2026-61985 WordPress Car Rental Manager plugin <= 1.3.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam Car Rental Manager car-rental-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Car Rental Manager: from n/a through = 1.3.7...

5.3CVSS
Exploits0References1
CVE
CVE
added 11 hours ago14 views

CVE-2026-57813

CVE-2026-57813 affects the WordPress MailOptin plugin, specifically versions up to 1.2.77.3. The vulnerability is an Incorrect Privilege Assignment that allows Privilege Escalation. Documented risk is high (CVSS v3.1: 9.8, Network, Privileges Required: None, User Interaction: None, Scope: Unchang...

9.8CVSS6.1AI score
Exploits0References1
CVE
CVE
added 11 hours ago6 views

CVE-2026-57409

The CVE describes a DOM-based Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Profit Products Tables for WooCommerce” (Active Products Tables for WooCommerce) by RealMag777, affecting versions up to and including 1.1.0. The issue arises from improper neutralization of input duri...

7.1CVSS6.1AI score
Exploits0References1
CVE
CVE
added 11 hours ago4 views

CVE-2026-57392

The CVE-2026-57392 entry concerns the WordPress Tourfic plugin (versions up to 2.22.5) with a Missing Authorization / Broken Access Control vulnerability. The root cause is misconfigured access control, enabling unauthorized access to protected resources or actions. Impact is described as broken ...

6.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added 11 hours ago4 views

CVE-2026-57711

CVE-2026-57711 concerns the WordPress plugin SupportCandy

6.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added 11 hours ago8 views

CVE-2026-57732

CVE-2026-57732 : A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the WordPress plugin tagDiv Opt-In Builder (td-subscription), affecting versions

7.1CVSS6.1AI score
Exploits0References1
CVE
CVE
added 11 hours ago6 views

CVE-2026-57694

CVE-2026-57694 affects the WordPress Tutor LMS plugin up to version 3.9.13, describing an insecure direct object reference (IDOR) vulnerability that enables an authorization bypass via a user-controlled key. The root cause is misconfigured access controls that allow access to restricted resources...

6.5CVSS6.1AI score
Exploits0References1
Rows per page
Query Builder