Lucene search
K

44503 matches found

Vulnrichment
Vulnrichment
added 2026/05/14 12:32 p.m.11 views

CVE-2026-4030 Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Arbitrary File Read and Deletion

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check combined with a user-controlled backup...

8.1CVSS5.9AI score0.00464EPSS
Exploits0References6
CVE
CVE
added 2026/05/14 12:32 p.m.12 views

CVE-2026-4030

The vulnerability CVE-2026-4030 affects the Database Backup for WordPress plugin for WordPress (all versions up to 2.5.2). The root cause is the plugin not properly enforcing the return value of its authorization check when combined with a user-controlled backup directory parameter, enabling unau...

8.1CVSS5.9AI score0.00464EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/14 12:32 p.m.35 views

CVE-2026-4030 Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Arbitrary File Read and Deletion

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check combined with a user-controlled backup...

8.1CVSS0.00464EPSS
Exploits0References6
Veracode
Veracode
added 2026/05/14 10:56 a.m.15 views

Path Traversal

org.eclipse.basyx:basyx.sdk is vulnerable to Path Traversal. The vulnerability is due to inadequate path normalization of the fileName parameter in the Submodel HTTP API, which allows an attacker to write arbitrary files to the host filesystem and potentially execute malicious code...

10CVSS6.2AI score0.03678EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2026/05/14 10:49 a.m.12 views

WordPress InfusedWoo Pro plugin <= 5.1.2 - Unauthenticated Arbitrary File Read vulnerability

Unauthenticated Arbitrary File Read vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin InfusedWoo Pro versions = 5.1.2...

7.5CVSS5.8AI score0.00271EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/14 10:10 a.m.13 views

WordPress Motors – Car Dealership & Classified Listings Plugin plugin <= 1.4.107 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Leonid Semenenko lsemenenko in WordPress Plugin Motors versions = 1.4.107...

8.1CVSS5.8AI score0.00256EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/14 9:48 a.m.14 views

WordPress Career Section plugin <= 1.7 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Paolo Tresso - Wordfence in WordPress Plugin Career Section versions = 1.7...

9.8CVSS5.8AI score0.00665EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/05/14 9:16 a.m.35 views

CVE-2026-6514

The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popupsubmit. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...

7.5CVSS0.00271EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/14 8:24 a.m.10 views

CVE-2026-6514

The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popupsubmit. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...

7.5CVSS5.9AI score0.00271EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/14 8:24 a.m.14 views

EUVD-2026-30263

The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popupsubmit. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...

7.5CVSS5.9AI score0.00271EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/14 8:24 a.m.60 views

CVE-2026-6514 InfusedWoo Pro <= 5.1.2 - Unauthenticated Arbitrary File Read via 'url' Parameter

The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popupsubmit. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...

7.5CVSS0.00271EPSS
Exploits0References2
CVE
CVE
added 2026/05/14 8:24 a.m.14 views

CVE-2026-6514

The CVE concerns InfusedWoo Pro for WordPress (all versions up to 5.1.2) with an Arbitrary File Read vulnerability exploitable via the popup_submit parameter. The root cause enables unauthenticated attackers to issue web requests to arbitrary locations from the application, potentially enabling a...

7.5CVSS5.9AI score0.00271EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/14 8:24 a.m.11 views

CVE-2026-6514 InfusedWoo Pro <= 5.1.2 - Unauthenticated Arbitrary File Read via 'url' Parameter

The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popupsubmit. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...

7.5CVSS5.9AI score0.00271EPSS
Exploits0References2
NVD
NVD
added 2026/05/14 7:16 a.m.15 views

CVE-2026-6271

The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due to missing file type validation. This makes it possible for unauthenticated attackers to upload files that may be executable, which makes...

9.8CVSS0.00665EPSS
Exploits1References4
NVD
NVD
added 2026/05/14 7:16 a.m.25 views

CVE-2026-3892

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any authenticated user to...

8.1CVSS0.00256EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/14 6:44 a.m.46 views

CVE-2026-3892 Motors – Car Dealer, Classifieds & Listing <= 1.4.107 - Authenticated (Subscriber+) Arbitrary File Deletion via 'stm_dealer_logo_path' Parameter

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any authenticated user to...

8.1CVSS0.00256EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/14 6:44 a.m.8 views

CVE-2026-3892 Motors – Car Dealer, Classifieds & Listing <= 1.4.107 - Authenticated (Subscriber+) Arbitrary File Deletion via 'stm_dealer_logo_path' Parameter

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any authenticated user to...

8.1CVSS5.9AI score0.00256EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/14 6:44 a.m.6 views

CVE-2026-6271

The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due to missing file type validation. This makes it possible for unauthenticated attackers to upload files that may be executable, which makes...

9.8CVSS6.4AI score0.00665EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/05/14 6:44 a.m.10 views

CVE-2026-6271 Career Section <= 1.7 - Unauthenticated Arbitrary File Upload

The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due to missing file type validation. This makes it possible for unauthenticated attackers to upload files that may be executable, which makes...

9.8CVSS6.4AI score0.00665EPSS
Exploits1References4
EUVD
EUVD
added 2026/05/14 6:44 a.m.9 views

EUVD-2026-30253

The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due to missing file type validation. This makes it possible for unauthenticated attackers to upload files that may be executable, which makes...

9.8CVSS6.4AI score0.00665EPSS
Exploits1References4
Rows per page
Query Builder