4430 matches found

ATTACKERKB
added 2026/03/11 6:0 a.m. | 4 views

CVE-2026-1867

The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend...

AI score 5.8 | EPSS 0.00221
Exploits 0 | References 1
CVE
added 2026/03/11 6:0 a.m. | 8 views

CVE-2026-1867

The CVE concerns the WordPress plugin Guest posting / Frontend Posting / Front Editor, vulnerable before version 5.0.6. An unauthenticated attacker can trigger export of all form data/settings (including the administrator’s email) by passing a URL parameter to regenerate a .json file derived from...

CVSS 5.9 | AI score 5.8 | EPSS 0.00221
Exploits 0 | References 1
Snyk
added 2026/03/11 12:13 a.m. | 4 views

Cross-site Scripting (XSS)

Overview: sylius/sylius is a platform for PHP, based on the Symfony framework. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the rendering of entity names within various frontend and admin panel components, such as breadcrumbs, taxon pickers, and autocomplete fields,...

CVSS 4.8 | AI score 5.7 | EPSS 0.00142
Exploits 0 | References 2
OSV
added 2026/03/11 12:13 a.m. | 4 views

GHSA-MX4Q-XXC9-PF5Q Sylius Vulnerable to Authenticated Stored XSS

Impact: An authenticated stored cross-site scripting (XSS) vulnerability exists in multiple places across the shop frontend and admin panel due to unsanitized entity names being rendered as raw HTML. Shop breadcrumbs (shared/breadcrumbs.html.twig): The breadcrumbs macro uses the Twig |raw filter on...

CVSS 4.8 | AI score 5.9 | EPSS 0.00142
Exploits 0 | References 3
CNNVD
added 2026/03/11 12:0 a.m. | 4 views

WordPress plugin Guest posting / Frontend Posting / Front Editor security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

CVSS 5.9 | AI score 5.8 | EPSS 0.00221
Exploits 0 | References 1
Patchstack
added 2026/03/10 11:3 a.m. | 5 views

WordPress WP User Frontend plugin <= 4.2.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin WP User Frontend versions <= 4.2.5...

CVSS 6.5 | AI score 5.8 | EPSS 0.00311
Exploits 0 | Affected Software 1
CNNVD
added 2026/03/10 12:0 a.m. | 8 views

Sylius cross-site scripting vulnerability

Sylius is an open-source e-commerce platform developed by the Polish company Sylius, based on the Symfony framework. Sylius has a cross-site scripting vulnerability. This vulnerability arises from the fact that entity names are rendered as raw HTML at multiple locations in both the store frontend...

CVSS 4.8 | AI score 5.7 | EPSS 0.00142
Exploits 0 | References 1
EUVD
added 2026/03/09 6:31 p.m. | 3 views

EUVD-2025-208425

An issue pertaining to CWE-829: Inclusion of Functionality from Untrusted Control Sphere was discovered in Miazzy oa-front-service master...

AI score 5.8 | EPSS 0.00359
Exploits 0 | References 4
RedhatCVE
added 2026/03/08 7:56 a.m. | 6 views

CVE-2026-2420

The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...

CVSS 4.4 | AI score 5.7 | EPSS 0.00193
Exploits 0 | References 1
RedhatCVE
added 2026/03/08 1:44 a.m. | 6 views

CVE-2026-1644

The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'updateaction' function. This makes it possible for unauthenticated attackers to approve or reject user account...

CVSS 4.3 | AI score 5.8 | EPSS 0.0016
Exploits 0 | References 1
GithubExploit
added 2026/03/07 2:12 p.m. | 132 views

SQLI-frontend

...

AI score 5.8
Exploits 0
NVD
added 2026/03/07 8:16 a.m. | 5 views

CVE-2026-2420

The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...

CVSS 4.4 | EPSS 0.00193
Exploits 0 | References 3
EUVD
added 2026/03/07 12:30 a.m. | 6 views

EUVD-2026-10089

The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'updateaction' function. This makes it possible for unauthenticated attackers to approve or reject user account...

CVSS 4.3 | AI score 5.8 | EPSS 0.0016
Exploits 0 | References 5
Patchstack
added 2026/03/07 12:18 a.m. | 7 views

WordPress WP Frontend Profile plugin <= 1.3.8 - Cross-Site Request Forgery to Unauthorized User Account Approval or Rejection vulnerability

Cross-Site Request Forgery to Unauthorized User Account Approval or Rejection vulnerability discovered by johska in WordPress Plugin WP Frontend Profile versions <= 1.3.8...

CVSS 4.3 | AI score 5.8 | EPSS 0.0016
Exploits 0 | References 1 | Affected Software 1
Positive Technologies
added 2026/03/07 12:0 a.m. | 7 views

PT-2026-23846

The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...

CVSS 4.4 | AI score 5.7 | EPSS 0.00193
Exploits 0 | References 4
CNNVD
added 2026/03/07 12:0 a.m. | 5 views

WordPress plugin WP Frontend Profile cross-site request forgery vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 4.3 | AI score 5.7 | EPSS 0.0016
Exploits 0 | References 5
CVE
added 2026/03/06 11:22 p.m. | 11 views

CVE-2026-1644

CVE-2026-1644 pertains to the WP Frontend Profile plugin for WordPress, affected through version 1.3.8. The root cause is missing nonce validation in the update_action function, enabling Cross-Site Request Forgery. This allows unauthenticated attackers to influence user account registrations (app...

CVSS 4.3 | AI score 5.8 | EPSS 0.0016
Exploits 0 | References 4
Vulnrichment
added 2026/03/06 11:22 p.m. | 5 views

CVE-2026-1644 WP Frontend Profile <= 1.3.8 - Cross-Site Request Forgery to Unauthorized User Account Approval or Rejection

The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'updateaction' function. This makes it possible for unauthenticated attackers to approve or reject user account...

CVSS 4.3 | AI score 5.8 | EPSS 0.0016
Exploits 0 | References 4
ATTACKERKB
added 2026/03/06 11:22 p.m. | 5 views

CVE-2026-1644

The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'updateaction' function. This makes it possible for unauthenticated attackers to approve or reject user account...

CVSS 4.3 | AI score 5.8 | EPSS 0.0016
Exploits 0 | References 5
Cvelist
added 2026/03/06 11:22 p.m. | 34 views

CVE-2026-1644 WP Frontend Profile <= 1.3.8 - Cross-Site Request Forgery to Unauthorized User Account Approval or Rejection

The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'updateaction' function. This makes it possible for unauthenticated attackers to approve or reject user account...

CVSS 4.3 | EPSS 0.0016
Exploits 0 | References 4