3986 matches found

Nuclei
added yesterday | 14 views

RiteCMS 3.0.0 - Cross-site Scripting

RiteCMS v3.0.0 contains a reflected XSS caused by unsanitized input in the mainmenu/editsection component, letting attackers execute arbitrary scripts in the context of the victim's browser. id: CVE-2024-28623 info: name: RiteCMS 3.0.0 - Cross-site Scripting author: 0xAkoko severity: medium...

6.1 CVSS | 6 AI score | 0.01317 EPSS
Exploits: 4 | References: 2
Cvelist
added 4 days ago | 34 views

CVE-2026-9676 f4 Post Tree < 2.0.5 - Subscriber+ Arbitrary Post Parent/Menu Order Modification

The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the parent and menu order of arbitrary posts...

0.00102 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 4 days ago | 6 views

CVE-2026-9676

The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the parent and menu order of arbitrary posts...

5.9 AI score | 0.00102 EPSS
Exploits: 0 | References: 1
NVD
added 6 days ago | 10 views

CVE-2026-11356

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'menu_title' and 'menu_magnifier_color' Settings in all versions up to, and including, 5.5.15 due to insufficient input sanitization and output escaping. This makes it possible for...

4.4 CVSS | 0.00251 EPSS
Exploits: 0 | References: 10
EUVD
added 6 days ago | 12 views

EUVD-2026-39931

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'menu_title' and 'menu_magnifier_color' Settings in all versions up to, and including, 5.5.15 due to insufficient input sanitization and output escaping. This makes it possible for...

4.4 CVSS | 5.9 AI score | 0.00251 EPSS
Exploits: 0 | References: 10
ATTACKERKB
added 6 days ago | 8 views

CVE-2026-11356

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'menu_title' and 'menu_magnifier_color' Settings in all versions up to, and including, 5.5.15 due to insufficient input sanitization and output escaping. This makes it possible for...

4.4 CVSS | 5.9 AI score | 0.00251 EPSS
Exploits: 0 | References: 11
Cvelist
added 6 days ago | 39 views

CVE-2026-11356 Ivory Search <= 5.5.15 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu_title' and 'menu_magnifier_color' Settings

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'menu_title' and 'menu_magnifier_color' Settings in all versions up to, and including, 5.5.15 due to insufficient input sanitization and output escaping. This makes it possible for...

4.4 CVSS | 0.00251 EPSS
Exploits: 0 | References: 10
Positive Technologies
added 6 days ago | 9 views

PT-2026-53038

Name of the Vulnerable Software and Affected Versions: Ivory Search – WordPress Search Plugin versions prior to 5.5.16. Description: Insufficient input sanitization and output escaping allow authenticated attackers with administrator-level access and above to perform Stored Cross-Site Scripting (XSS)...

4.4 CVSS | 6 AI score | 0.00251 EPSS
Exploits: 0 | References: 14
NVD
added last week | 8 views

CVE-2026-48800

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag text content inside in shortcuts.xml is read by NppXml::valueaNode Parameters.cpp:3658 in the feedUserCmds function and stored in UserCommand.cmd without any validation. When the user clicks the corresponding entry ...

7.8 CVSS | 0.0036 EPSS
Exploits: 3 | References: 2
Cvelist
added last week | 26 views

CVE-2026-48800 Notepad++: Arbitrary Code Execution via shortcuts.xml UserCommand Injection

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag text content inside in shortcuts.xml is read by NppXml::valueaNode Parameters.cpp:3658 in the feedUserCmds function and stored in UserCommand.cmd without any validation. When the user clicks the corresponding entry ...

7.8 CVSS | 0.0036 EPSS
Exploits: 3 | References: 2
ATTACKERKB
added last week | 12 views

CVE-2026-48800

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag text content inside in shortcuts.xml is read by NppXml::valueaNode Parameters.cpp:3658 in the feedUserCmds function and stored in UserCommand.cmd without any validation. When the user clicks the corresponding entry ...

7.8 CVSS | 5.8 AI score | 0.0036 EPSS
Exploits: 3 | References: 3 | Affected Software: 1
EUVD
added last week | 7 views

EUVD-2025-210352

Subscriber Broken Access Control in Restaurant Menu by MotoPress = 2.4.11 versions...

4.3 CVSS | 5.8 AI score | 0.00243 EPSS
Exploits: 0 | References: 2
NVD
added last week | 7 views

CVE-2026-57644

Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions...

8.5 CVSS | 0.00211 EPSS
Exploits: 0 | References: 1
NVD
added last week | 7 views

CVE-2026-54835

Unauthenticated Broken Access Control in Five Star Restaurant Menu <= 2.5.2 versions...

7.5 CVSS | 0.00238 EPSS
Exploits: 0 | References: 1
NVD
added last week | 8 views

CVE-2025-63078

Subscriber Broken Access Control in Restaurant Menu by MotoPress = 2.4.11 versions...

4.3 CVSS | 0.00243 EPSS
Exploits: 0 | References: 1
Cvelist
added last week | 30 views

CVE-2026-57644 WordPress Restaurant Menu by MotoPress plugin <= 2.4.10 - SQL Injection vulnerability

Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions...

8.5 CVSS | 0.00211 EPSS
Exploits: 0 | References: 1
CVE
added last week | 8 views

CVE-2026-57644

CVE-2026-57644 describes a SQL Injection in the WordPress plugin “Restaurant Menu by MotoPress” for versions

8.5 CVSS | 5.8 AI score | 0.00211 EPSS
Exploits: 0 | References: 1
EUVD
added last week | 6 views

EUVD-2026-39759

Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions...

8.5 CVSS | 5.8 AI score | 0.00211 EPSS
Exploits: 0 | References: 1
CVE
added last week | 15 views

CVE-2026-54835

CVE-2026-54835 concerns the WordPress plugin Five Star Restaurant Menu (versions

7.5 CVSS | 5.8 AI score | 0.00238 EPSS
Exploits: 0 | References: 1
Cvelist
added last week | 32 views

CVE-2026-54835 WordPress Five Star Restaurant Menu plugin <= 2.5.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Five Star Restaurant Menu <= 2.5.2 versions...

7.5 CVSS | 0.00238 EPSS
Exploits: 0 | References: 1