Lucene search

4428 matches found

CNNVD
added 2026/05/02 12:0 a.m., 8 views

WordPress plugin WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The WordPres...

8.1 CVSS, 5.8 AI score, 0.00328 EPSS
Exploits 0, References 2
Positive Technologies
added 2026/05/02 12:0 a.m., 5 views

PT-2026-36617

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via the 'wcfm delete wcfm customer' due to missing validation on the 'customerid' us...

8.1 CVSS, 5.9 AI score, 0.00328 EPSS
Exploits 0, References 4
Patchstack
added 2026/05/01 12:0 a.m., 8 views

WordPress WCFM – Frontend Manager for WooCommerce plugin <= 6.7.25 - Authenticated (Vendor+) Insecure Direct Object Reference to Arbitrary User Deletion vulnerability

Authenticated Vendor+ Insecure Direct Object Reference to Arbitrary User Deletion vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin WCFM – Frontend Manager for WooCommerce versions <= 6.7.25...

8.1 CVSS, 5.8 AI score, 0.00328 EPSS
Exploits 0, References 1, Affected Software 1
OSV
added 2026/04/29 9:25 p.m., 6 views

MAL-2026-3183 Malicious code in @breezeai-frontend/cargo-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b36e9fa7e047ca0001c4203829c98d09f750046708527baf2f2a1538a3f5e10 The package @breezeai-frontend/cargo-ui was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits 0, References 1
OSSF Malicious Packages
added 2026/04/29 9:15 p.m., 6 views

Malicious code in @breezeai-frontend/tailwind-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93dd597412bdae22d265ee51f76a40cefa637f09bdf73cb7ede9ac63daf05ac8 The package @breezeai-frontend/tailwind-config was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits 0, References 1
OSV
added 2026/04/29 9:15 p.m., 5 views

MAL-2026-3184 Malicious code in @breezeai-frontend/tailwind-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93dd597412bdae22d265ee51f76a40cefa637f09bdf73cb7ede9ac63daf05ac8 The package @breezeai-frontend/tailwind-config was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits 0, References 1
NVD
added 2026/04/29 12:16 p.m., 4 views

CVE-2026-2902

The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'frontend_rewrite' function's 'WPMETEOR[N]WPMETEOR' placeholder content in all versions up to, and including, 3.4.16 due to insufficient input sanitization and output escaping. Th...

6.1 CVSS, 0.00215 EPSS
Exploits 0, References 5
Vulnrichment
added 2026/04/29 11:17 a.m., 2 views

CVE-2026-2902 WP Meteor Website Speed Optimization Addon <= 3.4.16 - Unauthenticated Stored Cross-Site Scripting via Comment

The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'frontend_rewrite' function's 'WPMETEOR[N]WPMETEOR' placeholder content in all versions up to, and including, 3.4.16 due to insufficient input sanitization and output escaping. Th...

6.1 CVSS, 5.5 AI score, 0.00215 EPSS
Exploits 0, References 5
Cvelist
added 2026/04/29 11:17 a.m., 32 views

CVE-2026-2902 WP Meteor Website Speed Optimization Addon <= 3.4.16 - Unauthenticated Stored Cross-Site Scripting via Comment

The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'frontend_rewrite' function's 'WPMETEOR[N]WPMETEOR' placeholder content in all versions up to, and including, 3.4.16 due to insufficient input sanitization and output escaping. Th...

6.1 CVSS, 0.00215 EPSS
Exploits 0, References 5
CVE
added 2026/04/29 11:17 a.m., 13 views

CVE-2026-2902

The CVE-2026-2902 entry concerns the WordPress plugin WP Meteor Website Speed Optimization Addon. Affected component: the plugin’s frontend_rewrite logic uses a WPMETEOR[N]WPMETEOR placeholder, with insufficient input sanitization and output escaping, making all versions up to 3.4.16 vulnerable t...

6.1 CVSS, 5.5 AI score, 0.00215 EPSS
Exploits 0, References 5
ATTACKERKB
added 2026/04/29 11:17 a.m., 3 views

CVE-2026-2902

The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'frontend_rewrite' function's 'WPMETEOR[N]WPMETEOR' placeholder content in all versions up to, and including, 3.4.16 due to insufficient input sanitization and output escaping. Th...

6.1 CVSS, 5.5 AI score, 0.00215 EPSS
Exploits 0, References 6
EUVD
added 2026/04/29 11:17 a.m., 7 views

EUVD-2026-26209

The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'frontend_rewrite' function's 'WPMETEOR[N]WPMETEOR' placeholder content in all versions up to, and including, 3.4.16 due to insufficient input sanitization and output escaping. Th...

6.1 CVSS, 5.5 AI score, 0.00215 EPSS
Exploits 0, References 5
Veracode
added 2026/04/29 9:39 a.m., 12 views

Cache Poisoning

Spring MVC and WebFlux are vulnerable to Cache Poisoning. The vulnerability is due to improper handling of encoded resource resolution when resource chain caching is enabled, allowing attackers to store incorrectly encoded resources in the cache, which can break frontend asset delivery and lead t...

3.1 CVSS, 5.2 AI score, 0.00236 EPSS
Exploits 0, References 4, Affected Software 2
NVD
added 2026/04/29 9:16 a.m., 6 views

CVE-2026-42412

Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.3.1...

6.5 CVSS, 0.00195 EPSS
Exploits 0, References 1
ATTACKERKB
added 2026/04/29 7:51 a.m., 11 views

CVE-2026-42412

Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.3.1...

6.5 CVSS, 5.1 AI score, 0.00195 EPSS
Exploits 0, References 2
Cvelist
added 2026/04/29 7:51 a.m., 29 views

CVE-2026-42412 WordPress WP User Frontend plugin <= 4.3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.3.1...

6.5 CVSS, 0.00195 EPSS
Exploits 0, References 1
EUVD
added 2026/04/29 7:51 a.m., 4 views

EUVD-2026-26195

Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.3.1...

6.5 CVSS, 5.1 AI score, 0.00195 EPSS
Exploits 0, References 1
CVE
added 2026/04/29 7:51 a.m., 9 views

CVE-2026-42412

CVE-2026-42412 affects the WordPress plugin WP User Frontend up to version 4.3.1. The vulnerability is described as a Missing Authorization vulnerability caused by incorrectly configured access control levels (Broken Access Control). CVSS 3.1 base score is 6.5 (Network vector, Low attack complexi...

6.5 CVSS, 5.2 AI score, 0.00195 EPSS
Exploits 0, References 1
Vulnrichment
added 2026/04/29 7:51 a.m., 5 views

CVE-2026-42412 WordPress WP User Frontend plugin <= 4.3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.3.1...

6.5 CVSS, 5.1 AI score, 0.00195 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/04/29 12:0 a.m., 6 views

PT-2026-35880

Name of the Vulnerable Software and Affected Versions: weDevs WP User Frontend versions prior to 4.3.2. Description: A missing authorization issue exists due to incorrectly configured access control security levels. Recommendations: Update to a version newer than 4.3.1...

6.5 CVSS, 5.2 AI score, 0.00195 EPSS
Exploits 0, References 5