457690 matches found

Cvelist
added 2026/06/17 9:50 a.m., 28 views

CVE-2026-39596 WordPress Blocksy Companion Pro plugin < 2.1.29 - SQL Injection vulnerability

Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions...

CVSS 9.3, EPSS 0.00372
Exploits 0, References 1

CVE
added 2026/06/17 9:50 a.m., 9 views

CVE-2026-39596

The CVE covers WordPress Blocksy Companion Pro plugin, vulnerable in versions

CVSS 9.3, AI score 5.7, EPSS 0.00372
Exploits 0, References 1

CVE
added 2026/06/17 9:50 a.m., 7 views

CVE-2026-39573

CVE-2026-39573: Unauthenticated PHP Object Injection in WordPress Mildhill theme <= 1.5. Affected component: Mildhill theme (WordPress). Root cause: PHP Object Injection vulnerability. Impact: high across confidentiality, integrity, and availability (CVSSv3.1: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/...

CVSS 8.1, AI score 5.3, EPSS 0.00395
Exploits 0, References 1

Cvelist
added 2026/06/17 9:50 a.m., 26 views

CVE-2026-39573 WordPress Mildhill theme <= 1.5 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Mildhill <= 1.5 versions...

CVSS 8.1, EPSS 0.00395
Exploits 0, References 1

Cvelist
added 2026/06/17 9:50 a.m., 26 views

CVE-2026-39545 WordPress Zermatt theme <= 1.6.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Zermatt <= 1.6.1 versions...

CVSS 8.1, EPSS 0.00395
Exploits 0, References 1

CVE
added 2026/06/17 9:50 a.m., 10 views

CVE-2026-39545

The CVE-2026-39545 entry affects the WordPress Zermatt theme (versions <= 1.6.1) and describes an unauthenticated PHP Object Injection vulnerability in Zermatt

CVSS 8.1, AI score 5.3, EPSS 0.00395
Exploits 0, References 1

CVE
added 2026/06/17 9:50 a.m., 8 views

CVE-2026-22340

CVE-2026-22340: Unauthenticated SQL Injection in WordPress WPJobster theme

CVSS 9.3, AI score 5.7, EPSS 0.00372
Exploits 0, References 1

Cvelist
added 2026/06/17 9:50 a.m., 27 views

CVE-2026-22340 WordPress WPJobster theme <= 6.3.5 - SQL Injection vulnerability

Unauthenticated SQL Injection in WPJobster <= 6.3.5 versions...

CVSS 9.3, EPSS 0.00372
Exploits 0, References 1

Cvelist
added 2026/06/17 9:50 a.m., 26 views

CVE-2026-22335 WordPress WooCommerce Frontend Manager – Ultimate plugin < 6.7.7 - SQL Injection vulnerability

Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate < 6.7.7 versions...

CVSS 8.5, EPSS 0.00347
Exploits 0, References 1

CVE
added 2026/06/17 9:50 a.m., 9 views

CVE-2026-22335

CVE-2026-22335 affects WordPress: WooCommerce Frontend Manager – Ultimate (wc-frontend-manager-ultimate) versions below 6.7.7. It is a SQL Injection vulnerability exploitable by an authenticated subscriber, with a CVSS base score of 8.5 per Patchstack (high impact: confidentiality) and 6....

CVSS 8.5, AI score 5.7, EPSS 0.00347
Exploits 0, References 1

CVE
added 2026/06/17 9:50 a.m., 10 views

CVE-2026-22332

CVE-2026-22332 covers an unauthenticated SQL injection in WordPress Tutor LMS Pro plugin versions up to 3.9.6. The CVE entry and Patchstack reference document this vulnerability (including a CVSS v3.1 base score of 9.3, CRITICAL) affecting Tutor LMS Pro <= 3.9.6, with exploitation status not pr...

CVSS 9.3, AI score 5.7, EPSS 0.00283
Exploits 0, References 1

Cvelist
added 2026/06/17 9:50 a.m., 30 views

CVE-2026-22332 WordPress Tutor LMS Pro plugin <= 3.9.6 - SQL Injection vulnerability

Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions...

CVSS 9.3, EPSS 0.00283
Exploits 0, References 1

CVE
added 2026/06/17 9:50 a.m., 17 views

CVE-2025-69135

Technical details (affected plugin version range, root cause, impact, remediation) are not publicly available in the provided connected documents. Monitor for updates; current sources do not specify vulnerable functions or fixes.

CVSS 8.5, AI score 5.7, EPSS 0.00342
Exploits 0, References 1

Cvelist
added 2026/06/17 9:50 a.m., 28 views

CVE-2025-69135 WordPress Events Schedule - WordPress Events Calendar Plugin plugin <= 2.7.2 - SQL Injection vulnerability

Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin <= 2.7.2 versions...

CVSS 8.5, EPSS 0.00342
Exploits 0, References 1

CVE
added 2026/06/17 9:50 a.m., 8 views

CVE-2025-60205

The CVE-2025-60205 entry concerns WordPress ThemeREX Addons plugin version

CVSS 9.8, AI score 5.3, EPSS 0.00525
Exploits 0, References 1

Cvelist
added 2026/06/17 9:50 a.m., 28 views

CVE-2025-60205 WordPress ThemeREX Addons plugin <= 2.36.1.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in ThemeREX Addons <= 2.36.1.1 versions...

CVSS 9.8, EPSS 0.00525
Exploits 0, References 1

Cvelist
added 2026/06/17 9:30 a.m., 29 views

CVE-2026-12115 Counter Box <= 2.0.13 - Authenticated (Administrator+) PHP Object Injection via Import

The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.13 via deserialization of untrusted input. This makes it possible for authenticated attackers, with administrator-level...

CVSS 6.6, EPSS 0.00535
Exploits 0, References 6

CVE
added 2026/06/17 9:30 a.m., 15 views

CVE-2026-12115

The vulnerability CVE-2026-12115 affects the WordPress plugin Counter Box (versions up to 2.0.13). It allows PHP Object Injection via deserialization of untrusted input and requires authenticated access at Administrator+ level. Deserialization occurs automatically during the post-import redirect ...

CVSS 6.6, AI score 6, EPSS 0.00535
Exploits 0, References 6

Cvelist
added 2026/06/17 8:13 a.m., 28 views

CVE-2026-27870 CROSS-SITE SCRIPTING (XSS) VIA MALICIOUS FILE UPLOAD ON REGESTA SMART HD-PLC OF TELDAT

An attacker with network access to the Regesta Smart HD-PLC of the provider Teldat (in this case, registration IS required) that has the vulnerable software could introduce arbitrary JavaScript by injecting a Cross-site Scripting (XSS) payload into the 'Hostname' field of the configuration...

CVSS 4.8, EPSS 0.00293
Exploits 0, References 5

Cvelist
added 2026/06/17 7:19 a.m., 32 views

CVE-2026-28576

In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 10, EPSS 0.00148
Exploits 0, References 1