Lucene search
K

1459 matches found

Nuclei
Nuclei
added yesterday7 views

EventON Lite <= 2.4 - Authenticated Local File Inclusion

Ashan Perera EventON contains a PHP remote file inclusion caused by improper control of filename in include/require statements, letting attackers include local files, exploit requires attacker to control include filename. id: CVE-2025-32614 info: name: EventON Lite = 2.4 - Authenticated Local Fil...

8.8CVSS7AI score0.01833EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday37 views

Email Subscribers & Newsletters <= 5.3.1 - Authenticated SQL Injection

The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajaxfetchreportlist action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protecti...

8.8CVSS7AI score0.04184EPSS
Exploits3References2
CVE
CVE
added 2 days ago11 views

CVE-2026-13262

CVE-2026-13262 affects the Majestic Support WordPress plugin (up to version 1.1.9). The issue is a generic SQL injection in the val parameter caused by insufficient escaping and lack of proper query preparation, allowing an attacker to append additional SQL to existing queries and potentially ext...

6.5CVSS6.1AI score0.00352EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 3 days ago5 views

CVE-2026-15285

The Plus Addons for Elementor plugin for WordPress was vulnerable to Authenticated Contributor+ Stored Cross-Site Scripting via the Button widget's customattributes setting in versions up to and including 6.4.11. The render function in modules/widgets/tpbutton.php passed the raw customattributes...

6.4CVSS5.9AI score0.00261EPSS
Exploits0References6
Patchstack
Patchstack
added 4 days ago4 views

WordPress Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin <= 1.24.1 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin Mail Mint versions = 1.24.1...

4.9CVSS6.1AI score0.00319EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 4 days ago6 views

WordPress Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin <= 3.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Jeg Elementor Kit versions = 3.2.6...

6.4CVSS6.1AI score0.00206EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 4 days ago5 views

WordPress Hostel plugin <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Hostel versions = 1.1.7...

6.4CVSS6.1AI score0.00206EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 4 days ago5 views

WordPress Highlighting Code Block plugin <= 2.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Chinnapak Charoensiri in WordPress Plugin Highlighting Code Block versions = 2.2.0...

4.4CVSS6.1AI score0.00208EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 4 days ago4 views

WordPress Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms plugin <= 1.26.12 - Authenticated (Admin+) Local File Inclusion vulnerability

Authenticated Admin+ Local File Inclusion vulnerability discovered by Rahul Sreenivasan Tr0j4n in WordPress Plugin Happyforms versions = 1.26.12...

6.6CVSS6.1AI score0.00516EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-56276

Name of the Vulnerable Software and Affected Versions LiquidFiles version 4.2.7 Description An authenticated stored cross-site scripting XSS issue exists in the Upload File Shares API. This allows an attacker to execute arbitrary Javascript or HTML by injecting a crafted payload into the Name...

5.4CVSS6.3AI score0.00141EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/04 11:33 a.m.37 views

CVE-2026-12195

myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users can insert arbitrary commands as a part of the vftpuser parameter when deleting FTP usernames. This could result in the execution of commands as the admin user or takevoer of the admin user in myVest...

8.5CVSS0.00656EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/07/02 4:10 p.m.5 views

WordPress CM Business Directory – Optimise and showcase local business plugin <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin CM Business Directory versions = 1.5.7...

6.4CVSS5.9AI score0.00212EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/07/02 4:6 p.m.13 views

CVE-2026-53422 SFTP REALPATH path-existence oracle allowing filesystem enumeration outside configured root

Observable Response Discrepancy vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSHFXPREALPATH handler in sshsftpd calls relatefilename/3 with Canonicalize=false, unlik...

2.3CVSS5.8AI score0.00262EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/02 2:50 p.m.12 views

EUVD-2026-41399

A malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability found in UniFi Protect Application to escalate privileges on the host device...

8.8CVSS5.8AI score0.00249EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:49 p.m.8 views

CVE-2026-54404

A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances...

8.8CVSS5.8AI score0.00249EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/07/02 12:0 p.m.5 views

WordPress Reviews Widgets for Google, TripAdvisor, Yelp & Recommendations plugin <= 2.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ilkeggs in WordPress Plugin Trust.Reviews versions = 2.7.3...

6.4CVSS5.9AI score0.00193EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/07/02 11:58 a.m.5 views

WordPress weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by PRISM in WordPress Plugin weDocs versions = 2.3.0...

6.4CVSS5.9AI score0.00206EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/07/01 5:15 p.m.5 views

WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 4.16.1 - Authenticated (Give Worker+) Stored Cross-Site Scripting vulnerability

Authenticated Give Worker+ Stored Cross-Site Scripting vulnerability discovered by Chirita Catalin-Andrei CC99IE - aisafe.io in WordPress Plugin GiveWP versions = 4.16.1...

6.4CVSS5.8AI score0.00235EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/07/01 12:0 a.m.5 views

WordPress WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin <= 7.11 - Authenticated (Administrator+) OS Command Injection vulnerability

Authenticated Administrator+ OS Command Injection vulnerability discovered by Irwan Kusuma - wanjay in WordPress Plugin WP Database Backup versions = 7.11...

7.2CVSS5.8AI score0.01588EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/30 9:28 p.m.7 views

WordPress WP Photo Album Plus plugin <= 9.1.13.005 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Photo Album Plus versions = 9.1.13.005...

6.4CVSS5.8AI score0.00241EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder