2201 matches found

Nuclei
added 9 hours ago | 9 views

Everest Forms Pro <= 1.9.12 - Unauthenticated RCE via Calculation Formula Injection

The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's processfilter function concatenating user-submitted form field values into a PHP code string without proper...

CVSS 9.8 | AI score 6.5 | EPSS 0.40992
Exploits: 1 | References: 4

Nuclei
added 9 hours ago | 18 views

WordPress Product Addons & Fields for WooCommerce < 32.0.7 - Cross-Site Scripting

The Product Addons & Fields for WooCommerce WordPress plugin before version 32.0.7 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape some URL parameters in the admin panel, which could allow attackers to execute arbitrary JavaScript code in ...

CVSS 6.1 | AI score 7 | EPSS 0.00952
Exploits: 2 | References: 2

Nuclei
added 9 hours ago | 17 views

Ultimate Addons for Elementor <= 1.24.1 - Registration Bypass

An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled. id: CVE-2020-13125 info...

CVSS 9.9 | AI score 6.7 | EPSS 0.08565
Exploits: 1 | References: 2

Nuclei
added 9 hours ago | 115 views

Extensive VC Addons for WPBakery page builder < 1.9.1 - Unauthenticated RCE

The plugin does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may be escalated to RCE using PHP filter chains. id: CVE-2023-0159 info:...

CVSS 7.5 | AI score 7.2 | EPSS 0.55736
Exploits: 3 | References: 5

EUVD
added 16 hours ago | 6 views

EUVD-2026-41233

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

CVSS 8.3 | AI score 5.7
Exploits: 0 | References: 2

CVE
added 6 days ago | 10 views

CVE-2026-56028

CVE-2026-56028 describes an unauthenticated privilege-escalation vulnerability in the WordPress plugin Easy Elements for Elementor – Addons & Website Templates (versions

CVSS 9.8 | AI score 5.8 | EPSS 0.0036
Exploits: 0 | References: 1

OSV
added 6 days ago | 6 views

MAL-2026-6492 Malicious code in hexo-shoka-swiper (npm)

Source: amazon-inspector (62f045b55721408d94a92f5d65b58d69c98d3dc29d5f4f9327fb8edb4f85eaad). The package ships a binding.gyp whose sources field uses GYP command-expansion syntax !... at line 6. npm implicitly runs node-gyp rebuild whenever a...

AI score 6.4
Exploits: 0 | References: 2

ATTACKERKB
added 2026/06/19 4:31 a.m. | 7 views

CVE-2026-8118

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary File Read in versions 1.7.1058 through 1.7.1059. This is due to the wprgetcsvhandle helper introduced in version 1.7.1058 as part of the patch for CVE-2026-6229 falling back to...

CVSS 6.5 | AI score 5.9 | EPSS 0.0024
Exploits: 0 | References: 3 | Affected Software: 1

EUVD
added 2026/06/17 6:35 p.m. | 10 views

EUVD-2026-37647

Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions...

CVSS 7.5 | AI score 5.2 | EPSS 0.00467
Exploits: 0 | References: 2

RedHat Linux
added 2026/06/17 3:22 p.m. | 16 views

Important: Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift 2.19.0-1 Update

Custom Metrics Autoscaler Operator for Red Hat OpenShift updates. The following updates for the Custom Metric Autoscaler operator for Red Hat OpenShift are now available: custom-metrics-autoscaler-adapter-container custom-metrics-autoscaler-admission-webhooks-container...

CVSS 10 | AI score 7.1 | EPSS 0.01945
Exploits: 4 | References: 13

NVD
added 2026/06/17 1:21 p.m. | 8 views

CVE-2026-9690

Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions...

CVSS 7.5 | EPSS 0.00467
Exploits: 0 | References: 1

CVE
added 2026/06/17 9:50 a.m. | 12 views

CVE-2026-39597

This CVE covers an unauthenticated, reflected Cross Site Scripting (XSS) in the WordPress WPZOOM Addons for Elementor plugin (versions

CVSS 7.1 | AI score 5.1 | EPSS 0.00175
Exploits: 0 | References: 1

Cvelist
added 2026/06/17 9:50 a.m. | 28 views

CVE-2026-9690 WordPress WP Media folder Addon plugin <= 4.0.1 - Arbitrary File Download vulnerability

Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions...

CVSS 7.5 | EPSS 0.00467
Exploits: 0 | References: 1

CVE
added 2026/06/17 9:50 a.m. | 11 views

CVE-2026-9690

CVE-2026-9690 concerns the WordPress WP Media folder Addon plugin (versions <= 4.0.1). The vulnerability is an unauthenticated arbitrary file download, enabling an attacker to download arbitrary files from the affected site without authentication. The issue is associated with the WP Media fold...

CVSS 7.5 | AI score 5.2 | EPSS 0.00467
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/17 12:0 a.m. | 19 views

PT-2026-50363

Name of the Vulnerable Software and Affected Versions WP Media folder Addon versions prior to 4.0.2 Description An unauthenticated arbitrary file download issue exists in the software, allowing an attacker to download files without providing credentials. Recommendations Update to version 4.0.2 or...

CVSS 7.5 | AI score 6 | EPSS 0.00467
Exploits: 0 | References: 3

Cvelist
added 2026/06/15 8:19 p.m. | 27 views

CVE-2026-52694 WordPress Signature Add-On for WooCommerce plugin <= 2.0 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions...

CVSS 7.5 | EPSS 0.00238
Exploits: 0 | References: 1

Cvelist
added 2026/06/15 8:17 p.m. | 28 views

CVE-2026-39499 WordPress Advanced Product Fields (Product Addons) for WooCommerce plugin <= 1.6.19 - PHP Object Injection vulnerability

Shop manager PHP Object Injection in Advanced Product Fields Product Addons for WooCommerce <= 1.6.19 versions...

CVSS 7.2 | EPSS 0.00446
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/11 8:59 a.m. | 11 views

CVE-2025-8444

The Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the multiple parameters in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. Th...

CVSS 6.4 | AI score 5.7 | EPSS 0.00155
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2026/06/11 5:11 a.m. | 24 views

Malicious code in fastify-addon (npm)

Source: amazon-inspector (3cb91c825be697244f8ff069bb56e79aff3b90de7b9947019095b6d0fa2fd270). fastify-addon is a typosquat of the legitimate fastify-plugin package. Its package.json sets repository, bugs, and homepage to...

AI score 5.5
Exploits: 0 | References: 1

OSV
added 2026/06/11 5:11 a.m. | 30 views

MAL-2026-5566 Malicious code in fastify-addon (npm)

Source: amazon-inspector (3cb91c825be697244f8ff069bb56e79aff3b90de7b9947019095b6d0fa2fd270). fastify-addon is a typosquat of the legitimate fastify-plugin package. Its package.json sets repository, bugs, and homepage to...

AI score 5.5
Exploits: 0 | References: 1