Lucene search
K

4429 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/15 7:46 a.m.7 views

CVE-2026-6228

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field update mechanism combined with overly permissive capabilities for the adminform post type. The...

8.8CVSS5.7AI score0.00325EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/15 7:46 a.m.13 views

EUVD-2026-30513

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field update mechanism combined with overly permissive capabilities for the adminform post type. The...

8.8CVSS5.7AI score0.00325EPSS
Exploits0References5
CVE
CVE
added 2026/05/15 7:46 a.m.35 views

CVE-2026-6228

The CVE concerns the WordPress plugin Frontend Admin by DynamiApps (up to version 3.28.36). A privilege escalation flaw arises from insufficient authorization checks in the role field update mechanism combined with permissive capabilities for the admin_form post type. The admin_form CPT uses capa...

8.8CVSS5.7AI score0.00325EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

WordPress plugin Frontend Admin by DynamiApps 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

8.8CVSS5.8AI score0.00325EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.11 views

PT-2026-41274

Name of the Vulnerable Software and Affected Versions Frontend Admin by DynamiApps versions prior to 3.28.37 Description Insufficient authorization checks in the role field update mechanism and overly permissive capabilities for the admin form post type allow for privilege escalation. The admin...

8.8CVSS5.9AI score0.00325EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/05/13 2:22 p.m.30 views

CVE-2020-37174 WOOF / Products Filter Professional for WooCommerce 1.2.3 Persistent XSS

WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in design tab textfields. Attackers can inject JavaScript code through fields like 'Text for block toggle' a...

5.5CVSS0.00256EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:22 p.m.10 views

CVE-2020-37174

WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in design tab textfields. Attackers can inject JavaScript code through fields like 'Text for block toggle' a...

5.5CVSS5.7AI score0.00256EPSS
Exploits0References4Affected Software1
Packet Storm News
Packet Storm News
added 2026/05/13 12:0 a.m.12 views

Security Incentivization: An Empirical Study of How Micropayments Impact Code Security

Security often receives insufficient developer attention because it does not directly generate visible value, leading to underinvestment in practice. We evaluate a countermeasure by team-level incentives tied to measurable security improvements over time. Our semi-automated mechanism aggregates...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/05/12 12:32 p.m.8 views

EUVD-2026-29450

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views Display & Edit Ninja Forms...

8.5CVSS5.8AI score0.00223EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 11:16 a.m.18 views

CVE-2026-42741

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views Display & Edit Ninja Forms...

8.5CVSS0.00223EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 11:2 a.m.8 views

CVE-2026-42741

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views - Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views - Display & Edit Ninja...

8.5CVSS5.8AI score0.00223EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 11:2 a.m.9 views

CVE-2026-42741 WordPress Ninja Forms Views – Display & Edit Ninja Forms Submissions on your site frontend plugin <= 3.3.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views Display & Edit Ninja Forms...

8.5CVSS5.8AI score0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 11:2 a.m.42 views

CVE-2026-42741 WordPress Ninja Forms Views – Display & Edit Ninja Forms Submissions on your site frontend plugin <= 3.3.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views Display & Edit Ninja Forms...

8.5CVSS0.00223EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.9 views

PT-2026-40008

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views Display & Edit Ninja Forms...

8.5CVSS5.8AI score0.00223EPSS
Exploits0References2
NVD
NVD
added 2026/05/10 1:16 p.m.9 views

CVE-2021-47922

Slider by Soliloquy 2.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the title parameter. Attackers can add JavaScript payloads in the title field when creating or editing sliders, which executes in the browsers of...

6.4CVSS0.00243EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/10 12:43 p.m.8 views

CVE-2021-47922

Slider by Soliloquy 2.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the title parameter. Attackers can add JavaScript payloads in the title field when creating or editing sliders, which executes in the browsers of...

6.4CVSS5.7AI score0.00243EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/10 12:43 p.m.17 views

CVE-2021-47922

The CVE concerns the WordPress plugin Slider by Soliloquy version 2.6.2, which is reported to contain a stored cross-site scripting (XSS) vulnerability. The vulnerability occurs in the title parameter when creating or editing sliders, allowing an authenticated attacker to inject JavaScript that c...

6.4CVSS5.7AI score0.00243EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/10 12:43 p.m.14 views

CVE-2021-47922 WordPress Plugin Slider by Soliloquy 2.6.2 Stored XSS

Slider by Soliloquy 2.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the title parameter. Attackers can add JavaScript payloads in the title field when creating or editing sliders, which executes in the browsers of...

6.4CVSS5.7AI score0.00243EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/10 12:12 p.m.31 views

CVE-2022-50961 WordPress Plugin IP2Location Country Blocker 2.26.7 Stored XSS

WordPress Plugin IP2Location Country Blocker 2.26.7 contains a stored cross-site scripting vulnerability that allows authenticated users to inject arbitrary JavaScript code through the Frontend Settings interface. Attackers can inject malicious scripts in the URL field of the Display page setting...

6.4CVSS0.00191EPSS
Exploits0References3
CVE
CVE
added 2026/05/10 12:12 p.m.26 views

CVE-2022-50961

CVE-2022-50961 affects WordPress plugin IP2Location Country Blocker (v2.26.7). The stored XSS vulnerability allows authenticated users to inject arbitrary JavaScript via the Frontend Settings page, specifically by injecting scripts in the URL field of the Display page settings. The payload execut...

6.4CVSS5.9AI score0.00191EPSS
Exploits0References3
Rows per page
Query Builder