Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

120 matches found

Nuclei
Nucleiadded 6 hours ago9 views

GiveWP - Missing Authorization to Settings Update

GiveWP plugin through 2.5.9 for WordPress contains an unauthenticated settings change caused by insecure access in includes/gateways/stripe/includes/admin/admin-actions.php, letting attackers modify settings without authentication, exploit requires no authentication. id: CVE-2020-20627 info: name...

5.3CVSS5.9AI score0.02812EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 3 days ago4 views

CVE-2026-3480

The WP Blockade plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 0.9.14. The plugin registers an adminpost action hook 'wp-blockade-shortcode-render' that maps to the rendershortcodepreview function. This function lacks any capability check...

6.5CVSS5.8AI score0.00015EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 3 days ago6 views

CVE-2026-6709

The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the savesettings function, which is registered on the adminpostcccf7savesettings...

4.3CVSS5.5AI score0.00035EPSS
Exploits0References1
Cvelist
Cvelistadded 6 days ago34 views

CVE-2026-9234 JTL-Connector for WooCommerce <= 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Settings Modification via Multiple Functions

The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to missing capability checks and nonce verification on the adminpostsettingssavewoo-jtl-connector action handled by JtlConnectorAdmin::save and on the...

4.3CVSS0.00031EPSS
Exploits0References6
Positive Technologies
Positive Technologiesadded 6 days ago8 views

PT-2026-45711

The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to missing capability checks and nonce verification on the admin post settings save woo-jtl-connector action handled by JtlConnectorAdmin::save and on...

4.3CVSS5.9AI score0.00031EPSS
Exploits0References7
NVD
NVDadded 2026/05/22 5:16 a.m.10 views

CVE-2026-3481

The WP Blockade plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode' parameter in all versions up to and including 0.9.14. This is due to insufficient input sanitization and output escaping in the rendershortcodepreview function. The function receives user inpu...

6.1CVSS0.00011EPSS
Exploits0References5
CVE
CVEadded 2026/05/22 4:29 a.m.14 views

CVE-2026-3481

The CVE-2026-3481 entry concerns the WP Blockade WordPress plugin (versions

6.1CVSS6AI score0.00011EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/05/22 4:29 a.m.9 views

CVE-2026-3481 WP Blockade <= 0.9.14 - Reflected Cross-Site Scripting via 'shortcode' Parameter

The WP Blockade plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode' parameter in all versions up to and including 0.9.14. This is due to insufficient input sanitization and output escaping in the rendershortcodepreview function. The function receives user inpu...

6.1CVSS6AI score0.00011EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/05/22 12:0 a.m.10 views

PT-2026-42723

Name of the Vulnerable Software and Affected Versions WP Blockade versions prior to 0.9.15 Description The plugin is subject to Reflected Cross-Site Scripting, a flaw where an application includes untrusted data in a web page without proper validation, allowing attackers to execute scripts in the...

6.1CVSS5.9AI score0.00011EPSS
Exploits0References10
Positive Technologies
Positive Technologiesadded 2026/05/15 12:0 a.m.5 views

PT-2026-41274

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field update mechanism combined with overly permissive capabilities for the admin form post type. The...

8.8CVSS5.7AI score0.00126EPSS
Exploits0References6
EUVD
EUVDadded 2026/05/12 9:31 a.m.6 views

EUVD-2026-29408

The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the savesettings function, which is registered on the adminpostcccf7savesettings...

4.3CVSS5.8AI score0.00035EPSS
Exploits0References8
NVD
NVDadded 2026/05/12 9:16 a.m.9 views

CVE-2026-6709

The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the savesettings function, which is registered on the adminpostcccf7savesettings...

4.3CVSS0.00035EPSS
Exploits0References7
CVE
CVEadded 2026/05/12 7:48 a.m.25 views

CVE-2026-6709

CVE-2026-6709 affects the WordPress plugin Coinbase Commerce for Contact Form 7 in versions up to and including 1.1.2. Root cause: missing capability check and nonce verification in the save_settings() function registered on the admin_post_cccf7_save_settings hook. Impact: authenticated attackers...

4.3CVSS5.8AI score0.00035EPSS
Exploits0References7
Cvelist
Cvelistadded 2026/05/12 7:48 a.m.29 views

CVE-2026-6709 Coinbase Commerce for Contact Form 7 <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) API Key Modification via 'cccf7_api_key' Parameter

The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the savesettings function, which is registered on the adminpostcccf7savesettings...

4.3CVSS0.00035EPSS
Exploits0References7
ATTACKERKB
ATTACKERKBadded 2026/05/12 7:48 a.m.4 views

CVE-2026-6709

The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the savesettings function, which is registered on the adminpostcccf7savesettings...

4.3CVSS5.8AI score0.00035EPSS
Exploits0References8
Vulnrichment
Vulnrichmentadded 2026/05/12 7:48 a.m.6 views

CVE-2026-6709 Coinbase Commerce for Contact Form 7 <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) API Key Modification via 'cccf7_api_key' Parameter

The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the savesettings function, which is registered on the adminpostcccf7savesettings...

4.3CVSS5.8AI score0.00035EPSS
Exploits0References7
Positive Technologies
Positive Technologiesadded 2026/05/12 12:0 a.m.21 views

PT-2026-39963

The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the save settings function, which is registered on the admin post cccf7 save...

4.3CVSS5.8AI score0.00035EPSS
Exploits0References8
NVD
NVDadded 2026/04/22 9:16 a.m.2 views

CVE-2026-4119

The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers adminpost action hooks for creating tables adminpostaddtable and deleting tables adminpostdeletedbtable without implementing any capability checks via...

9.1CVSS0.0003EPSS
Exploits0References13
CVE
CVEadded 2026/04/22 7:45 a.m.7 views

CVE-2026-4119

CVE-2026-4119 affects the WordPress plugin Create DB Tables (versions up to and including 1.2.1). The vulnerability arises from missing capability checks and nonce verification in admin_post hooks for creating and deleting tables, allowing any authenticated user (including Subscribers) to execute...

9.1CVSS5.8AI score0.0003EPSS
Exploits0References13
Vulnrichment
Vulnrichmentadded 2026/04/22 7:45 a.m.2 views

CVE-2026-4119 Create DB Tables <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Table Creation/Deletion via admin-post.php

The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers adminpost action hooks for creating tables adminpostaddtable and deleting tables adminpostdeletedbtable without implementing any capability checks via...

9.1CVSS5.8AI score0.0003EPSS
Exploits0References13
Rows per page
Query Builder