Lucene search
K

32643 matches found

Nuclei
Nuclei
added 10 hours ago61 views

WordPress Sell Media 2.4.1 - Cross-Site Scripting

WordPress Plugin Sell Media v2.4.1 contains a cross-site scripting vulnerability in /inc/class-search.php that allows remote attackers to inject arbitrary web script or HTML via the keyword parameter aka $searchterm or the Search field. id: CVE-2019-6112 info: name: WordPress Sell Media 2.4.1 -...

6.1CVSS6.5AI score0.09221EPSS
Exploits1References5
Nuclei
Nuclei
added 10 hours ago26 views

Import Legacy Media <= 0.1 - Cross-Site Scripting

A cross-site scripting vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. id: CVE-2014-4535 info: name: Import Legacy Media = 0.1 - Cross-Site...

6.1CVSS6.5AI score0.03983EPSS
Exploits2References4
Nuclei
Nuclei
added 10 hours ago25 views

WordPress Media Library Assistant <= 3.34 - SQL Injection

David Lingren Media Library Assistant = 3.34 contains an sql injection caused by improper neutralization of special elements in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires crafted input. id: CVE-2026-34885 info: name: WordPress Media Library Assistant = 3.34 -...

8.5CVSS6.3AI score0.01668EPSS
Exploits0References3
Nuclei
Nuclei
added 10 hours ago21 views

Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion

Media Library Assistant plugin for WordPress before 2.82 contains a local file inclusion caused by unsanitized mlagallery link parameter, letting attackers include arbitrary local files, exploit requires access to the vulnerable link. id: CVE-2020-11732 info: name: Media Library Assistant 2.82 -...

7.5CVSS7AI score0.04917EPSS
Exploits4References1
Nuclei
Nuclei
added 10 hours ago19 views

WordPress Frontend File Manager < 4.0 & N-Media Post Frontend < 1.1 - Arbitrary File Upload

The Frontend File Manager plugin 4.0 and N-Media Post Front-end Form plugin 1.1 for WordPress were vulnerable to arbitrary file uploads due to missing file type validation. This allowed unauthenticated attackers to upload arbitrary files and potentially achieve remote code execution. id:...

9.8CVSS6.3AI score0.05515EPSS
Exploits2References5
Nuclei
Nuclei
added 10 hours ago42 views

External Media without Import <=1.1.2 - Authenticated Blind Server-Side Request Forgery

WordPress External Media without Import plugin through 1.1.2 is susceptible to authenticated blind server-side request forgery. The plugin has no authorization and does not ensure that media added via URLs are external media, which can allow any authenticated users, including subscribers, to obta...

6.5CVSS6.7AI score0.02941EPSS
Exploits1References4
CVE
CVE
added yesterday7 views

CVE-2026-15594

CVE-2026-15594 affects waooAI waoowaoo up to 0.4.1, specifically the function stablePublicIdFromStorageKey in the Media Handler’s src/lib/media/hash.ts. The vulnerability arises from manipulating the storageKey, resulting in improper authorization. Reportedly exploitable from remote and requires ...

6.3CVSS5.5AI score
Exploits0References6
NVD
NVD
added yesterday8 views

CVE-2026-49970

Laravel-Mediable before 7.0.0 contains a path traversal vulnerability in the File::sanitizePath function that allows attackers to write uploaded files to arbitrary locations by controlling the directory argument passed to MediaUploader::toDestination. Attackers can exploit the permissive...

8.8CVSS
Exploits0References3
Nuclei
Nuclei
added yesterday45 views

2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting

A cross-site scripting vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter. id: CVE-2012-4273 info: name: 2 Click Socialmedia Buttons 0.34 - Cross-Site Scripti...

4.3CVSS6.2AI score0.0578EPSS
Exploits1References5
Circl
Circl
added yesterday11 views

CVE-2026-15515

creationtimestamp| type| source ---|---|--- 2026-07-13 01:29:20+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqik4jlf3e2x 2026-07-13 01:30:25+00:00| seen| https://infosec.exchange/users/offseq/statuses/116910078363580201 2026-07-13 01:30:27+00:00| seen|...

7.3CVSS7AI score0.00116EPSS
Exploits0References4
NVD
NVD
added yesterday6 views

CVE-2026-15518

A vulnerability has been found in AREA 17 Twill CMS up to 3.6.0. The impacted element is the function FileLibraryController::storeFile of the file src/Http/Controllers/Admin/FileLibraryController.php of the component Media Library Insert Page. Such manipulation of the argument qqfilename leads to...

5.8CVSS0.00248EPSS
Exploits0References5
CVE
CVE
added yesterday21 views

CVE-2026-15518

AREA 17 Twill CMS

5.8CVSS5.7AI score0.00248EPSS
Exploits0References5
Cvelist
Cvelist
added yesterday30 views

CVE-2026-15518 AREA 17 Twill CMS Media Library Insert FileLibraryController.php storeFile unrestricted upload

A vulnerability has been found in AREA 17 Twill CMS up to 3.6.0. The impacted element is the function FileLibraryController::storeFile of the file src/Http/Controllers/Admin/FileLibraryController.php of the component Media Library Insert Page. Such manipulation of the argument qqfilename leads to...

5.8CVSS0.00248EPSS
Exploits0References5
NVD
NVD
added 3 days ago7 views

CVE-2026-12126

The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Attachment 'posttitle' in all versions up to, and including, 3.7.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.0021EPSS
Exploits0References8
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-43158

The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Attachment 'posttitle' in all versions up to, and including, 3.7.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6.2AI score0.0021EPSS
Exploits0References8
Cvelist
Cvelist
added 3 days ago39 views

CVE-2026-12126 WCFM Marketplace <= 3.7.3 - Authenticated (Vendor+) Stored Cross-Site Scripting via Attachment 'post_title'

The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Attachment 'posttitle' in all versions up to, and including, 3.7.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.0021EPSS
Exploits0References8
Circl
Circl
added 3 days ago5 views

CVE-2026-56668

creationtimestamp| type| source ---|---|--- 2026-07-11 00:25:21+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdfm6nrb62e 2026-07-11 18:00:48+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mqfalk4a2i2w...

8.1CVSS6.1AI score0.00231EPSS
Exploits0References2
Nuclei
Nuclei
added 3 days ago126 views

Media Library Assistant < 3.09 - Remote Code Execution/Local File Inclusion

A vulnerability in the Wordpress Media-Library-Assistant plugins in version 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration. id: CVE-2023-4634 info: name: Media Library Assistant 3.09 - Remote Code Execution/Local File Inclusion...

9.8CVSS7AI score0.82585EPSS
Exploits6References5
Circl
Circl
added 4 days ago6 views

CVE-2026-54089

creationtimestamp| type| source ---|---|--- 2026-07-10 20:16:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqcxoiwmmg2z 2026-07-10 20:35:14+00:00| published-proof-of-concept| https://github.com/filebrowser/filebrowser/security/advisories/GHSA-xqp3-jq6g-x3qm 2026-07-11...

9.1CVSS6.1AI score0.00337EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago28 views

CVE-2026-55890 Grav: Stored CSS injection via Markdown image ?style=… reaches MediaObjectTrait::style()

Grav is a file-based Web platform. Prior to 2.0.0-rc.9, Grav's incomplete fix for stored XSS through the Markdown media attribute action CVE-2026-42841 leaves the sibling MediaObjectTrait::style method reachable through the same Markdown excerpt-action pipeline, allowing an editor to save Markdow...

4.8CVSS0.00187EPSS
Exploits0References3
Rows per page
Query Builder