CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/04/04 8:25 a.m.•16 views

CVE-2026-2826 Kadence Blocks — Page Builder Toolkit for Gutenberg Editor <= 3.6.3 - Missing Authorization to Authenticated (Contributor+) Media Upload

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user has the uploadfiles capability in the processpattern REST API endpoin...

4.3CVSS0.00011EPSS

Vulnrichment•added 2026/04/04 8:25 a.m.•2 views

CVE-2026-2826 Kadence Blocks — Page Builder Toolkit for Gutenberg Editor <= 3.6.3 - Missing Authorization to Authenticated (Contributor+) Media Upload

4.3CVSS5.9AI score0.00011EPSS

Positive Technologies•added 2026/04/04 12:0 a.m.•0 views

PT-2026-30342

The Listeo Core plugin for WordPress is vulnerable to unauthenticated arbitrary media upload in all versions up to, and including, 2.0.27 via the "listeo core handle dropped media" function. This is due to missing authorization and capability checks on the AJAX endpoint handling file uploads. Thi...

5.3CVSS6.1AI score0.00041EPSS

Positive Technologies•added 2026/04/04 12:0 a.m.•3 views

PT-2026-30315

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user has the upload files capability in the process pattern REST API...

4.3CVSS5.9AI score0.00011EPSS

RedhatCVE•added 2026/03/26 3:17 p.m.•0 views

CVE-2026-32399

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Blind SQL Injection.This issue affects Media LIbrary Assistant: from n/a through = 3.32...

8.5CVSS5.9AI score0.00044EPSS

EUVD•added 2026/03/13 9:31 p.m.•0 views

EUVD-2026-11916

8.5CVSS5.8AI score0.00044EPSS

NVD•added 2026/03/13 7:54 p.m.•1 views

CVE-2026-32399

8.5CVSS0.00044EPSS

ATTACKERKB•added 2026/03/13 11:42 a.m.•0 views

CVE-2026-32399

5.8AI score0.00044EPSS

Vulnrichment•added 2026/03/13 11:42 a.m.•0 views

CVE-2026-32399 WordPress Media LIbrary Assistant plugin <= 3.32 - SQL Injection vulnerability

5.8AI score0.00044EPSS

CVE•added 2026/03/13 11:42 a.m.•2 views

CVE-2026-32399

The CVE concerns the WordPress plugin Media Library Assistant (versions n/a through

8.5CVSS5.8AI score0.00044EPSS

Cvelist•added 2026/03/13 11:42 a.m.•22 views

CVE-2026-32399 WordPress Media LIbrary Assistant plugin <= 3.32 - SQL Injection vulnerability

8.5CVSS0.00044EPSS

CNNVD•added 2026/03/13 12:0 a.m.•2 views

WordPress plugin Media LIbrary Assistant SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...

8.5CVSS5.9AI score0.00044EPSS

Positive Technologies•added 2026/03/13 12:0 a.m.•0 views

PT-2026-25245

🟠 CVE-2026-32399 - High Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Blind SQL Injection.... https://t.co/zIHylCK304 https://t.co/dm6dsgBVKp...

8.5CVSS5.8AI score0.00044EPSS

Exploits0References5

RedhatCVE•added 2026/03/08 7:57 a.m.•2 views

CVE-2026-1820

The Media Library Alt Text Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bvmaltscdivupdatealttext' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

EUVD•added 2026/03/07 9:30 a.m.•1 views

EUVD-2026-10132

ATTACKERKB•added 2026/03/07 7:22 a.m.•1 views

CVE-2026-1820

Cvelist•added 2026/03/07 7:22 a.m.•28 views

CVE-2026-1820 Media Library Alt Text Editor <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'post_id' Shortcode Attribute

6.4CVSS0.00043EPSS

Vulnrichment•added 2026/03/07 7:22 a.m.•0 views

CVE-2026-1820 Media Library Alt Text Editor <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'post_id' Shortcode Attribute

CVE•added 2026/03/07 7:22 a.m.•6 views

CVE-2026-1820

The CVE CVE-2026-1820 concerns the WordPress plugin Media Library Alt Text Editor, vulnerable to an authenticated Stored Cross-Site Scripting (XSS) via shortcode attributes (notably post_id and bvmalt_sc_div_update_alt_text) in versions up to 1.0.0. The issue arises from insufficient input saniti...