Lucene search
K

193 matches found

Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.21 views

PT-2026-36966

The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wpr update form action meta AJAX action in all versions up to, and including, 1.7.1056. This is due to insufficient input sanitization and output escaping, combined with ...

7.2CVSS6AI score0.00359EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.12 views

PT-2026-36994

Name of the Vulnerable Software and Affected Versions User Registration & Membership plugin for WordPress versions prior to 5.1.5 Description A missing capability check in the embed form action function allows authenticated attackers with Contributor-level access or higher to perform unauthorized...

4.3CVSS5.9AI score0.003EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.11 views

WordPress plugin User Registration & Membership 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

4.3CVSS5.8AI score0.003EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.11 views

CVE-2026-4024

The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. The handler is registered on both wpajax and wpajaxnopriv hooks, maki...

5.3CVSS5.8AI score0.00501EPSS
Exploits0References1
NVD
NVD
added 2026/05/02 9:16 a.m.10 views

CVE-2026-4024

The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. The handler is registered on both wpajax and wpajaxnopriv hooks, maki...

5.3CVSS0.00501EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/02 8:27 a.m.7 views

CVE-2026-4024

The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. The handler is registered on both wpajax and wpajaxnopriv hooks, maki...

5.3CVSS5.8AI score0.00501EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/02 8:27 a.m.8 views

EUVD-2026-26763

The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. The handler is registered on both wpajax and wpajaxnopriv hooks, maki...

5.3CVSS5.8AI score0.00501EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/02 8:27 a.m.37 views

CVE-2026-4024 Royal Addons for Elementor <= 1.7.1056 - Missing Authorization to Unauthenticated Form Action Meta Modification

The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. The handler is registered on both wpajax and wpajaxnopriv hooks, maki...

5.3CVSS0.00501EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/02 8:27 a.m.6 views

CVE-2026-4024 Royal Addons for Elementor <= 1.7.1056 - Missing Authorization to Unauthenticated Form Action Meta Modification

The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. The handler is registered on both wpajax and wpajaxnopriv hooks, maki...

5.3CVSS5.8AI score0.00501EPSS
Exploits0References7
CVE
CVE
added 2026/05/02 8:27 a.m.16 views

CVE-2026-4024

Technical details about CVE-2026-4024 are not provided in the connected documents. Public specifics (affected versions, impact, fixes) require additional sources; monitor for updates.

5.3CVSS5.8AI score0.00501EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.12 views

PT-2026-36593

Name of the Vulnerable Software and Affected Versions Royal Addons for Elementor versions prior to 1.7.1057 Description The Royal Addons for Elementor plugin for WordPress allows unauthorized modification of data due to a missing capability check on the wpr update form action meta AJAX action. Th...

5.3CVSS5.8AI score0.00501EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/03/12 2:22 a.m.26 views

CVE-2026-3657 My Sticky Bar <= 2.8.6 - Unauthenticated SQL Injection via 'stickymenu_contact_lead_form' Action

The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the stickymenucontactleadform AJAX action in all versions up to, and including, 2.8.6. This is due to the handler using attacker-controlled POST parameter names directly as SQL column identifiers in $wpdb-insert. While...

7.5CVSS0.00338EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/09 10:41 a.m.7 views

CVE-2022-26156

An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places...

6.1CVSS7.1AI score0.00713EPSS
Exploits0References1
NVD
NVD
added 2025/11/06 5:15 p.m.6 views

CVE-2025-63589

A reflected XSS vulnerability exists in CMSimpleXH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML navigation links, breadcrumbs, search form action, footer links. An attacker-controlled string placed in the...

7.1CVSS0.00323EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/11/06 12:0 a.m.11 views

CVE-2025-63589

A reflected XSS vulnerability exists in CMSimpleXH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML navigation links, breadcrumbs, search form action, footer links. An attacker-controlled string placed in the...

0.00323EPSS
Exploits1References2
OSV
OSV
added 2025/11/06 12:0 a.m.5 views

CVE-2025-63589

A reflected XSS vulnerability exists in CMSimpleXH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML navigation links, breadcrumbs, search form action, footer links. An attacker-controlled string placed in the...

7.1CVSS6.2AI score0.00323EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/11/05 6:0 a.m.10 views

CVE-2025-10873 Elementinvader Addons for Elementor < 1.4.1 – Unauthenticated Arbitrary Email Sending

The ElementInvader Addons for Elementor WordPress plugin before 1.4.1 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses due to missing authorization on the elementinvaderaddonsforelementorformssendform action...

0.00224EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-36588

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.0038EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-30722

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00713EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 5:11 a.m.7 views

CVE-2023-32344

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898...

4.3CVSS6.4AI score0.0038EPSS
Exploits0References1
Rows per page
Query Builder