
45 matches found

ATTACKERKB
added 2 days ago, 5 views

CVE-2026-8892

The CM Business Directory – Optimise and showcase local business plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Business Address Meta Fields in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4, AI score 5.9
Exploits: 0, References: 8

ATTACKERKB
added 3 days ago, 7 views

CVE-2026-57765

Contributor SQL Injection in WP EasyCart = 5.9.0 versions...

CVSS 8.5, AI score 5.8, EPSS 0.0022
Exploits: 0, References: 2

Patchstack
added 4 days ago, 4 views

WordPress Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin <= 5.9.27 - Missing Authorization to Authenticated (Contributor+) Settings Modification vulnerability

Missing Authorization to Authenticated Contributor+ Settings Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Email Subscribers & Newsletters versions <= 5.9.27...

CVSS 4.3, AI score 5.8, EPSS 0.00272
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2026/06/26 3:16 p.m., 8 views

CVE-2026-57651

Contributor Cross Site Scripting XSS in Ghost Kit = 3.6.0 versions...

CVSS 6.5, EPSS 0.0013
Exploits: 0, References: 1

EUVD
added 2026/06/26 2:53 p.m., 7 views

EUVD-2026-39762

Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer = 1.6.1 versions...

CVSS 7.5, AI score 5.8, EPSS 0.00259
Exploits: 0, References: 1

EUVD
added 2026/06/26 2:53 p.m., 4 views

EUVD-2026-39733

Contributor Arbitrary File Deletion in H5P = 1.17.7 versions...

CVSS 7.1, AI score 5.8, EPSS 0.00294
Exploits: 0, References: 1

EUVD
added 2026/06/26 2:52 p.m., 4 views

EUVD-2026-39728

Contributor Remote Code Execution RCE in Blocksy Companion Pro = 2.1.45 versions...

CVSS 8.5, AI score 5.9, EPSS 0.00351
Exploits: 0, References: 1

Positive Technologies
added 2026/06/26 12:0 a.m., 12 views

PT-2026-52812

Name of the Vulnerable Software and Affected Versions: Gallery versions prior to 4.7.9. Description: An issue exists that allows for SQL Injection, a technique where malicious SQL statements are inserted into entry fields for execution, specifically affecting contributors. Recommendations: Update to ...

CVSS 8.5, AI score 5.8, EPSS 0.00211
Exploits: 0, References: 3

EUVD
added 2026/06/25 1:12 p.m., 7 views

EUVD-2026-39385

Contributor Broken Access Control in Slim SEO = 4.6.2 versions...

CVSS 6.5, AI score 5.8, EPSS 0.00248
Exploits: 0, References: 1

EUVD
added 2026/06/17 6:35 p.m., 9 views

EUVD-2026-37605

Contributor Remote Code Execution RCE in Blocksy Companion Pro = 2.1.37 versions...

CVSS 9.9, AI score 5.5, EPSS 0.00541
Exploits: 0, References: 2

CVE
added 2026/05/13 4:26 a.m., 14 views

CVE-2026-6962

CVE-2026-6962 affects the WordPress plugin “Cost of Goods: Product Cost & Profit Calculator for WooCommerce.” Vulnerable component: the shortcodes alg_wc_cog_product_cost and alg_wc_cog_product_profit in all versions up to 4.1.0. Root cause: insufficient input sanitization and output escaping on ...

CVSS 6.4, AI score 6, EPSS 0.00193
Exploits: 0, References: 5

Patchstack
added 2026/05/11 7:5 p.m., 10 views

WordPress Forms Rb plugin <= 1.1.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary Modification vulnerability discovered by ? in WordPress Plugin Forms Rb versions <= 1.1.9...

CVSS 4.3, AI score 5.8, EPSS 0.00283
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2026/03/23 7:19 p.m., 5 views

WordPress iVysilani Shortcode plugin <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'width' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'width' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin iVysilani Shortcode versions <= 3.0...

CVSS 6.4, AI score 5.8, EPSS 0.00243
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2026/03/23 7:17 p.m., 6 views

WordPress WP NG Weather plugin <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP NG Weather versions <= 1.0.9...

CVSS 6.4, AI score 5.8, EPSS 0.00235
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2026/03/12 12:58 a.m., 5 views

WordPress Gutena Forms plugin < 1.6.1 - Contributor+ Arbitrary Limited Options Update vulnerability

Contributor+ Arbitrary Limited Options Update vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder versions < 1.6.1...

CVSS 6.8, AI score 5.8, EPSS 0.00197
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2026/02/13 11:29 p.m., 5 views

WordPress UpMenu plugin <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'upmenu-menu' Shortcode 'lang' Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'upmenu-menu' Shortcode 'lang' Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin UpMenu versions <= 3.1...

CVSS 6.4, AI score 5.4, EPSS 0.00237
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2026/01/29 8:47 p.m., 6 views

WordPress Relevanssi Premium plugin < 2.29.0 - Contributor+ SQLi vulnerability

Contributor+ SQLi vulnerability discovered by Drew Webber mcdruid in WordPress Plugin Relevanssi Premium versions < 2.29.0...

CVSS 4.9, AI score 5.9, EPSS 0.00224
Exploits: 0, References: 1, Affected Software: 1

Snyk
added 2025/09/23 5:43 p.m., 4 views

Insertion of Sensitive Information Into Sent Data

Overview: johnpbloch/wordpress-core is a web software you can use to create a website or blog. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data. An attacker can access sensitive information by leveraging contributor-level privileges to retrieve...

CVSS 5.3, AI score 6.5, EPSS 0.0025
Exploits: 0, References: 2

RedhatCVE
added 2025/05/23 4:46 a.m., 6 views

CVE-2023-23728

Auth. contributor+ Cross-Site Scripting XSS vulnerability in Winwar Media WP Flipclock plugin = 1.7.4 versions...

CVSS 6.5, AI score 5.8, EPSS 0.00393
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 2:55 a.m., 3 views

CVE-2023-1905

The WP Popups WordPress plugin before 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

CVSS 6.5, AI score 6.7, EPSS 0.00444
Exploits: 2, References: 1