Lucene search
K

850 matches found

NVD
NVD
added 5 days ago8 views

CVE-2026-12685

The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator emai...

7.5CVSS0.00222EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42830

The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator emai...

7.5CVSS6AI score0.00222EPSS
Exploits0References1
CVE
CVE
added 5 days ago9 views

CVE-2026-12685

The CVE describes a backdoor in the EscortWP escortwp WordPress theme up to version 3.6.2. The backdoor is vendor-authored and obfuscated, allowing an unauthenticated attacker who supplies a hard-coded per-build key to permanently delete all site content. It also covertly transmits the site URL, ...

7.5CVSS5.8AI score0.00222EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-12685

The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator emai...

7.5CVSS6AI score0.00222EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-12685 EscortWP <= 3.6.2 - Content Deletion via Vendor-Authored Backdoor

The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator emai...

0.00222EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 11:43 p.m.5 views

MINI-5J9C-VHF8-PM8H

Bulletin has no description...

5.7AI score
Exploits0
NVD
NVD
added 2026/06/18 6:16 a.m.15 views

CVE-2026-11357

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.7.5 via the editorassetsvariables. This makes it possible for authenticated attackers, with contributor-level access and abov...

4.3CVSS0.00243EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/18 4:31 a.m.5 views

CVE-2026-11357

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.7.5 via the editorassetsvariables. This makes it possible for authenticated attackers, with contributor-level access and abov...

4.3CVSS5.3AI score0.00243EPSS
Exploits0References9
CVE
CVE
added 2026/06/18 4:31 a.m.28 views

CVE-2026-11357

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress (versions up to and including 3.7.5) contains a Sensitive Information Exposure flaw in editor_assets_variables. Authenticated attackers with contributor-level access can extract license key, license owner email, a...

4.3CVSS5.3AI score0.00243EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/18 4:31 a.m.29 views

CVE-2026-11357 Kadence Blocks <= 3.7.5 - Authenticated (Contributor+) Sensitive Information Exposure via Block Editor proData Localization

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.7.5 via the editorassetsvariables. This makes it possible for authenticated attackers, with contributor-level access and abov...

4.3CVSS0.00243EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.10 views

CVE-2026-1631

The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...

5.4CVSS5.5AI score0.00231EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 7:43 a.m.28 views

CVE-2026-7526

The CVE-2026-7526 entry concerns the WordPress PDF Embedder plugin (versions up to and including 4.9.3). The vulnerability is a Sensitive Information Exposure via enqueue_block_assets, allowing authenticated attackers with contributor-level access and above to extract configuration data. License ...

4.3CVSS5.8AI score0.00376EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/28 7:43 a.m.12 views

CVE-2026-7526

The PDF Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.9.3 via the enqueueblockassets. This makes it possible for authenticated attackers, with contributor-level access and above, to extract configuration data. License key...

4.3CVSS5.8AI score0.00376EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/28 7:43 a.m.11 views

CVE-2026-7526 PDF Embedder <= 4.9.3 - Authenticated (Contributor+) Information Exposure via Block Editor Page

The PDF Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.9.3 via the enqueueblockassets. This makes it possible for authenticated attackers, with contributor-level access and above, to extract configuration data. License key...

4.3CVSS5.8AI score0.00376EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/28 7:43 a.m.35 views

CVE-2026-7526 PDF Embedder <= 4.9.3 - Authenticated (Contributor+) Information Exposure via Block Editor Page

The PDF Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.9.3 via the enqueueblockassets. This makes it possible for authenticated attackers, with contributor-level access and above, to extract configuration data. License key...

4.3CVSS0.00376EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.29 views

PT-2026-44218

The PDF Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.9.3 via the enqueue block assets. This makes it possible for authenticated attackers, with contributor-level access and above, to extract configuration data. License key...

4.3CVSS5.8AI score0.00376EPSS
Exploits0References7
CVE
CVE
added 2026/05/27 5:31 a.m.35 views

CVE-2026-8938

The CVE-2026-8938 entry concerns the WordPress plugin “auto making JSON-LD” (versions

4.3CVSS5.7AI score0.0014EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/27 5:31 a.m.36 views

CVE-2026-8938 auto making JSON-LD <= 4.5.3 - Cross-Site Request Forgery to Plugin Certification Settings via Nonce Validation Bypass

The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJLcertification function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS0.0014EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/27 5:31 a.m.9 views

CVE-2026-8938 auto making JSON-LD <= 4.5.3 - Cross-Site Request Forgery to Plugin Certification Settings via Nonce Validation Bypass

The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJLcertification function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 5:31 a.m.11 views

EUVD-2026-32060

The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJLcertification function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References3
Rows per page
Query Builder