Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

CVE
CVEadded 2026/05/20 1:25 a.m.14 views

CVE-2026-6456

The CVE-2026-6456 entry documents a Privilege Escalation in the WordPress Account Switcher plugin up to version 1.0.2. The root cause is the rememberLogin REST API endpoint using a loose comparison (!=) instead of strict (!==) for secret validation at app/RestAPI.php:111, plus validation that the...

8.8CVSS5.8AI score0.00396EPSS
Exploits0References4
NVD
NVDadded 2026/05/12 9:16 a.m.14 views

CVE-2026-6708

The HEL Online Classroom: AI-powered Online Classrooms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.3. This is due to a missing capability check on a REST API endpoint registered with a permissioncallback of 'returntrue', which bypasses all...

5.3CVSS0.0031EPSS
Exploits0References5
CNNVD
CNNVDadded 2026/02/27 12:0 a.m.6 views

WordPress plugin WP Recipe Maker 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.9AI score0.00253EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/02/17 12:0 a.m.8 views

PT-2026-20278

Name of the Vulnerable Software and Affected Versions Slider Future versions up to and including 1.0.5 Description The Slider Future plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the slider future handle image upload function. This...

9.8CVSS6AI score0.03177EPSS
Exploits2References9
Cvelist
Cvelistadded 2025/05/31 6:40 a.m.30 views

CVE-2025-4672 Offsprout Page Builder 2.2.1 - 2.15.2 - Authenticated (Contributor+) Privilege Escalation via permission_callback Function

The Offsprout Page Builder plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization placed on the permissioncallback function in versions 2.2.1 to 2.15.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to read, create,...

8.8CVSS0.00343EPSS
Exploits0References4
BDU FSTEC
BDU FSTECadded 2024/12/19 12:0 a.m.1 views

The vulnerability of the permission_callback function in the Hunk Companion plugin of the WordPress content management system allows a hacker to execute XSS attacks.

The vulnerability of the permissioncallback function in the Hunk Companion plugin of the WordPress content management system is related to the absence of authentication. Exploiting this vulnerability could allow a malicious actor to carry out XSS attacks...

10CVSS8AI score0.54754EPSS
Exploits5References6Affected Software1
Rows per page
Query Builder