Lucene search
+L

295 matches found

EUVD
EUVD
added 2026/05/22 3:39 a.m.13 views

EUVD-2026-31405

The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...

6.4CVSS6AI score0.0022EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/05/14 7:58 p.m.16 views

CVE-2026-45227

Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted...

8.8CVSS6.1AI score0.00227EPSS
Exploits0References1
NVD
NVD
added 2026/05/14 7:16 a.m.57 views

CVE-2026-6670

The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'subdir' and 'mediaitems' parameters. This is due to insufficient validation of user-supplied file paths, which are not checked for directory traversal sequences or restricted t...

6.5CVSS0.00526EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/14 6:44 a.m.6 views

CVE-2026-6670

The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'subdir' and 'mediaitems' parameters. This is due to insufficient validation of user-supplied file paths, which are not checked for directory traversal sequences or restricted t...

6.5CVSS5.8AI score0.00526EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/14 6:44 a.m.8 views

CVE-2026-6670 Media Sync <= 1.4.9 - Authenticated (Author+) Path Traversal via 'sub_dir' and 'media_items' Parameters

The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'subdir' and 'mediaitems' parameters. This is due to insufficient validation of user-supplied file paths, which are not checked for directory traversal sequences or restricted t...

6.5CVSS5.8AI score0.00526EPSS
Exploits0References2
CVE
CVE
added 2026/05/14 6:44 a.m.47 views

CVE-2026-6670

The Media Sync plugin for WordPress (versions up to 1.4.9) is vulnerable to Path Traversal via the sub_dir and media_items parameters. Due to insufficient validation of user-supplied file paths, attackers with Author-level access or higher can act on files outside the intended uploads directory. ...

6.5CVSS5.8AI score0.00526EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/13 12:29 p.m.11 views

CVE-2026-3425 RTMKit Addons for Elementor <= 2.0.2 - Authenticated (Author+) Local File Inclusion via 'path'

The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.2 via the 'path' parameter of the 'getcontent' AJAX action. This makes it possible for authenticated attackers, with Author-level access and above, to include and...

8.8CVSS6.4AI score0.00625EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/13 12:29 p.m.12 views

EUVD-2026-29937

The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.2 via the 'path' parameter of the 'getcontent' AJAX action. This makes it possible for authenticated attackers, with Author-level access and above, to include and...

8.8CVSS6.4AI score0.00625EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/12 9:18 p.m.58 views

CVE-2026-45227 Heym < 0.0.21 Sandbox Escape via Python Introspection

Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted...

8.8CVSS0.00227EPSS
Exploits0References4
OSV
OSV
added 2026/05/12 9:18 p.m.4 views

CVE-2026-45227 Heym < 0.0.21 Sandbox Escape via Python Introspection

Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted...

8.7CVSS6.2AI score0.00227EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Heym 安全漏洞

Heym is an open-source AI-native workflow automation platform developed by heymrun. Versions of Heym prior to 0.0.21 contained security vulnerabilities. These vulnerabilities stemmed from sandbox escape vulnerabilities in custom Python tool executors, which could allow authenticated workflow...

8.8CVSS5.8AI score0.00227EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.22 views

PT-2026-40452

Name of the Vulnerable Software and Affected Versions Heym versions prior to 0.0.21 Description A sandbox escape exists in the custom Python tool executor. Authenticated workflow authors can bypass sandbox restrictions using object-graph introspection primitives. By employing Python introspection...

8.8CVSS6AI score0.00227EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/05/08 9:26 a.m.40 views

CVE-2026-7475 Sky Addons <= 3.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Script

The Sky Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sky-custom-scripts custom post type in all versions up to, and including, 3.3.2. This is due to the custom post type being registered with capabilitytype = 'post' and showinrest = true, combined with...

6.4CVSS0.00244EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/07 4:27 a.m.55 views

CVE-2026-7252 WP-Optimize <= 4.5.2 - Authenticated (Author+) Arbitrary File Deletion via 'original-file' Post Meta

The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduledoriginalfiledeletion function in all versions up to, and including, 4.5.2 Th...

8.1CVSS0.0095EPSS
Exploits0References9
EUVD
EUVD
added 2026/05/07 4:27 a.m.28 views

EUVD-2026-28323

The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduledoriginalfiledeletion function in all versions up to, and including, 4.5.2 Th...

8.1CVSS6.5AI score0.0095EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/05/05 3:37 a.m.9 views

CVE-2026-5957 EmailKit <= 1.6.5 - Authenticated (Author+) Arbitrary File Read via 'emailkit-editor-template' REST Parameter

The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to and including 1.6.5. This is due to a flawed path traversal validation in the createtemplate method of the CheckForm class, where realpath is called on the allowed base directory...

6.5CVSS5.9AI score0.0057EPSS
Exploits0References10
CVE
CVE
added 2026/05/05 3:37 a.m.21 views

CVE-2026-5957

The CVE concerns the WordPress EmailKit plugin (versions up to and including 1.6.5). A path traversal flaw in CheckForm.php::create_template() uses realpath() on the allowed base directory (wp-content/uploads/emailkit/templates/), which may not exist, causing realpath() to return false. In PHP 8....

6.5CVSS5.9AI score0.0057EPSS
Exploits0References10
NVD
NVD
added 2026/04/24 4:16 a.m.6 views

CVE-2026-2028

The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to insufficient file ownership validation on the 'maxiremovecustomimagesize' AJAX action in all versions up to, and including, 2.1.8. This makes it possible for authenticated attackers, with Author-leve...

5.3CVSS0.00318EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/24 3:27 a.m.5 views

CVE-2026-2028

The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to insufficient file ownership validation on the 'maxiremovecustomimagesize' AJAX action in all versions up to, and including, 2.1.8. This makes it possible for authenticated attackers, with Author-leve...

5.3CVSS5.8AI score0.00318EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/22 7:45 a.m.31 views

CVE-2026-5820 Zypento Blocks <= 1.0.6 - Authenticated (Author+) Stored Cross-Site Scripting via Table of Contents Block

The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 1.0.6. This is due to the front-end TOC rendering script reading heading text via innerText and inserting it into the page using innerHTML...

6.4CVSS0.00227EPSS
Exploits0References3
Rows per page
Query Builder