Lucene search
K

4526 matches found

Patchstack
Patchstack
added 2026/05/01 8:11 p.m.5 views

WordPress Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin <= 1.7.1056 - Missing Authorization to Unauthenticated Form Action Meta Modification vulnerability

Missing Authorization to Unauthenticated Form Action Meta Modification vulnerability discovered by Nguyen C in WordPress Plugin Royal Elementor Addons versions = 1.7.1056...

5.3CVSS5.8AI score0.00501EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/01 9:31 a.m.8 views

WordPress Meta Field Block – Display custom fields in the Block Editor without coding plugin <= 1.3.3 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Meta Field Block versions = 1.3.3...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/01 9:15 a.m.8 views

WordPress WP Meta and Date Remover plugin <= 2.3.4 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WP Meta and Date Remover versions = 2.3.4...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/01 6:16 a.m.4 views

CVE-2026-6127

The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the elementordata meta field in versions up to, and including, 4.0.4. This is due to insufficient input sanitization when processing form-encoded REST API requests. The plugin registers the...

6.4CVSS0.00225EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/01 5:29 a.m.3 views

EUVD-2026-26479

The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the elementordata meta field in versions up to, and including, 4.0.4. This is due to insufficient input sanitization when processing form-encoded REST API requests. The plugin registers the...

6.4CVSS5.5AI score0.00225EPSS
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/27 2:15 p.m.8 views

Malicious code in @apiary-annex/meta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector beaea0c4666896c82c0b26b3e24708dbf4e2f28425735b67b5e723802337d51e The package @apiary-annex/meta was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.6 views

PT-2026-35423

Name of the Vulnerable Software and Affected Versions Meta Box – WordPress Custom Fields Framework versions prior to 5.11.2 Description A flaw allows users with contributor privileges to perform arbitrary file deletion. Recommendations Update to version 5.11.2 or later...

6.8CVSS5.4AI score0.00355EPSS
Exploits0References3
Fedora
Fedora
added 2026/04/25 1:55 a.m.7 views

[SECURITY] Fedora 44 Update: qt6-6.10.3-1.fc44

Qt6 meta package...

5.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/23 8:38 p.m.6 views

CVE-2026-4088

The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppwctabox' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user-supplied post meta values including 'ctaboxbuttonlink',...

6.4CVSS5.9AI score0.00354EPSS
Exploits0References1
NVD
NVD
added 2026/04/23 4:16 a.m.4 views

CVE-2026-3361

The WP Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpsladdress' post meta value in versions up to, and including, 2.2.261 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00152EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/23 3:26 a.m.2 views

CVE-2026-3361 WP Store Locator <= 2.2.261 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpsl_address' Post Meta

The WP Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpsladdress' post meta value in versions up to, and including, 2.2.261 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.9AI score0.00152EPSS
Exploits0References2
CVE
CVE
added 2026/04/23 3:26 a.m.21 views

CVE-2026-3361

CVE-2026-3361 affects the WordPress plugin WP Store Locator (versions up to 2.2.261). It describes a Stored Cross-Site Scripting vulnerability through the post meta field wpsl_address , caused by insufficient input sanitization and output escaping. The issue enables authenticated users with contr...

6.4CVSS5.9AI score0.00152EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/04/23 3:25 a.m.10 views

WordPress WP Store Locator plugin <= 2.2.261 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpsl_address' Post Meta vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'wpsladdress' Post Meta vulnerability discovered by kai63001 in WordPress Plugin WP Store Locator versions = 2.2.261...

6.4CVSS5.8AI score0.00152EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.13 views

PT-2026-38565

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description URLs are not correctly escaped within the content attribute of a tag. If the URL content contains ASCII whitespaces around the = rune, the escaper fails to proce...

9.8CVSS5.8AI score0.00314EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.5 views

PT-2026-34631

The WP Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpsl address' post meta value in versions up to, and including, 2.2.261 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.9AI score0.00152EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/22 9:31 a.m.6 views

EUVD-2026-24652

The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppwctabox' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user-supplied post meta values including 'ctaboxbuttonlink',...

6.4CVSS5.9AI score0.00354EPSS
Exploits0References10
NVD
NVD
added 2026/04/22 9:16 a.m.3 views

CVE-2026-4088

The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppwctabox' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user-supplied post meta values including 'ctaboxbuttonlink',...

6.4CVSS0.00354EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/04/22 7:45 a.m.5 views

CVE-2026-4088 Switch CTA Box <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppwctabox' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user-supplied post meta values including 'ctaboxbuttonlink',...

6.4CVSS5.9AI score0.00354EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/04/22 7:45 a.m.6 views

CVE-2026-4088

The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppwctabox' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user-supplied post meta values including 'ctaboxbuttonlink',...

6.4CVSS5.9AI score0.00354EPSS
Exploits0References10
Packet Storm News
Packet Storm News
added 2026/04/22 12:0 a.m.10 views

Towards Certified Malware Detection: Provable Guarantees against Evasion Attacks

Machine learning-based static malware detectors remain vulnerable to adversarial evasion techniques, such as metamorphic engine mutations. To address this vulnerability, we propose a certifiably robust malware detection framework based on randomized smoothing through feature ablation and targeted...

5.8AI score
Exploits0
Rows per page
Query Builder