Lucene search
K

265634 matches found

Nuclei
Nuclei
added 16 hours ago120 views

Business Directory Plugin <= 6.4.2 - SQL Injection

The Business Directory Plugin Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

9.8CVSS6.1AI score0.10272EPSS
Exploits1References4
Nuclei
Nuclei
added 16 hours ago72 views

WordPress Simple Job Board <2.9.4 - Local File Inclusion

WordPress Simple Job Board prior to version 2.9.4 is vulnerable to arbitrary file retrieval vulnerabilities because it does not validate the sjbfile parameter when viewing a resume, allowing an authenticated user with the downloadresume capability such as HR users to download arbitrary files from...

7.7CVSS7AI score0.30479EPSS
Exploits7References5
Nuclei
Nuclei
added 16 hours ago38 views

WordPress Plugin Age Verification v0.4 - Open Redirect

Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirectto parameter. id: CVE-2012-6499 info: name: WordPress Plugin Age...

5.8CVSS6.2AI score0.10603EPSS
Exploits1References3
Nuclei
Nuclei
added 16 hours ago34 views

WordPress Broken Link Notifier < 1.3.1 - Unauthenticated SSRF

The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.0 via the ajaxblinks function which ultimately calls the checkurlstatuscode function. This makes it possible for unauthenticated attackers to make web requests to...

7.2CVSS6.2AI score0.00623EPSS
Exploits0References3
Nuclei
Nuclei
added 16 hours ago91 views

WordPress Imagements <=1.2.5 - Arbitrary File Upload

WordPress Imagements plugin through 1.2.5 is susceptible to arbitrary file upload which can lead to remote code execution. The plugin allows images to be uploaded in comments but only checks for the Content-Type in the request to forbid dangerous files. An attacker can upload arbitrary files by...

9.8CVSS7.3AI score0.0714EPSS
Exploits2References4
Nuclei
Nuclei
added 16 hours ago64 views

WordPress Domain Check <1.0.17 - Cross-Site Scripting

WordPress Domain Check plugin before 1.0.17 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the domain parameter before outputting it back in the page. id: CVE-2021-24926 info: name: WordPress Domain Check 1.0.17 - Cross-Site Scripting author: cckuailong...

6.1CVSS6.4AI score0.12857EPSS
Exploits5References4
Nuclei
Nuclei
added 16 hours ago76 views

WordPress GN Publisher <1.5.6 - Cross-Site Scripting

WordPress GN Publisher plugin before 1.5.6 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow th...

6.1CVSS6.7AI score0.0126EPSS
Exploits3References5
Nuclei
Nuclei
added 16 hours ago54 views

WordPress Fancy Product Designer <4.6.9 - Arbitrary File Upload

WordPress Fancy Product Designer plugin before 4.6.9 is susceptible to an arbitrary file upload. An attacker can upload malicious files and execute code on the server, modify data, and/or gain full control over a compromised system without authentication. id: CVE-2021-24370 info: name: WordPress...

9.8CVSS7.2AI score0.47091EPSS
Exploits2References5
Nuclei
Nuclei
added 16 hours ago11 views

Total Donations Plugin for WordPress < 2.0.6 - Arbitrary Options Update

Incorrect access control in miglaajaxfunctions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to wp-admin/admin-ajax.php to call...

9.8CVSS7AI score0.26076EPSS
Exploits1References2
Nuclei
Nuclei
added 16 hours ago13 views

Yellow Pencil Visual Theme Customizer < 7.2.1 - Privilege Escalation

The WaspThemes Visual CSS Style Editor aka yellow-pencil-visual-theme-customizer plugin before 7.2.1 for WordPress allows ypoptionupdate CSRF, as demonstrated by use of ypremoteget to obtain admin access. id: CVE-2019-11886 info: name: Yellow Pencil Visual Theme Customizer 7.2.1 - Privilege...

8.8CVSS7AI score0.0189EPSS
Exploits1References3
Nuclei
Nuclei
added 16 hours ago19 views

WordPress AI ChatBot (WPBot) <= 4.8.9 - SQL Injection

ChatBot plugin for WordPress up to 4.8.9 contains a sqlinjection caused by insufficient escaping and lack of preparation on the $strid parameter, letting unauthenticated attackers extract sensitive data, exploit requires no authentication. id: CVE-2023-5204 info: name: WordPress AI ChatBot WPBot ...

9.8CVSS7AI score0.06888EPSS
Exploits4References3
Nuclei
Nuclei
added 16 hours ago77 views

Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints

The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 1.1.99. This makes it possible for unauthenticated attackers to perform a wide variety of operations, such as movi...

9.8CVSS7AI score0.06399EPSS
Exploits0References2
Nuclei
Nuclei
added 16 hours ago31 views

Glossy WordPress - Reflected XSS

Glossy WordPress plugin v2.3.5 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to click a malicious link. id: CVE-2024-13325 info: name: Glossy WordPress -...

6.1CVSS7AI score0.00567EPSS
Exploits1References1
Nuclei
Nuclei
added 16 hours ago381 views

WordPress Plugin Forminator 1.24.6 - Arbitrary File Upload

The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the uploadpostimage function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload...

9.8CVSS7.4AI score0.12749EPSS
Exploits3References5
Nuclei
Nuclei
added 16 hours ago22 views

WooCommerce Help Scout - Arbitrary File Upload

WooCommerce Help Scout plugin before version 2.9.1 contains an unrestricted file upload vulnerability. The vulnerability allows unauthenticated users to upload arbitrary files to the server which by default will end up in wp-content/uploads/hstmp/ directory, potentially leading to remote code...

9.8CVSS7.3AI score0.07908EPSS
Exploits2References3
Nuclei
Nuclei
added 16 hours ago22 views

JetBackup <= 2.0.9.7 - Sensitive Information Exposure via Directory Listing

JetBackup WordPress plugin = 2.0.9.9 does not use index files to prevent directory listing in certain configurations, letting malicious actors leak backup files, exploit requires access to the web server. id: CVE-2023-7165 info: name: JetBackup = 2.0.9.7 - Sensitive Information Exposure via...

7.5CVSS7AI score0.01915EPSS
Exploits2References3
Nuclei
Nuclei
added 16 hours ago24 views

WordPress Media Library Assistant <= 3.34 - SQL Injection

David Lingren Media Library Assistant = 3.34 contains an sql injection caused by improper neutralization of special elements in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires crafted input. id: CVE-2026-34885 info: name: WordPress Media Library Assistant = 3.34 -...

8.5CVSS6.3AI score0.01668EPSS
Exploits0References3
Nuclei
Nuclei
added 16 hours ago11 views

WordPress File Manager <= 7.2.1 - Directory Traversal

File Manager and File Manager Pro plugins for WordPress versions up to 7.2.1 and 8.3.4 contain a directory traversal caused by the 'target' parameter in mkfilefoldermanageractioncallbackshortcode, letting attackers read arbitrary files and upload files outside designated directories, exploit...

9.9CVSS7.1AI score0.06009EPSS
Exploits0References2
Nuclei
Nuclei
added 16 hours ago9 views

Cost Calculator Builder <= 3.2.15 - SQL Injection

The Cost Calculator Builder plugin for WordPress is vulnerable to SQL Injection via discount codes in versions up to, and including, 3.2.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

9.8CVSS6.1AI score0.02002EPSS
Exploits0References3
Nuclei
Nuclei
added 16 hours ago32 views

CP Image Store with Slideshow <= 1.0.67 - SQL Injection

The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the orderingby query parameter before using it in a SQL statement in pages where the codepeople-image-store is embed, allowing unauthenticated users to perform an SQL injection attack. id: CVE-2022-1692...

9.8CVSS7.1AI score0.1036EPSS
Exploits2References3
Rows per page
Query Builder