
15908 matches found

CVE
added 2 hours ago, 8 views

CVE-2026-12729

The CVE concerns the weDocs: AI Powered Knowledge Base WordPress plugin up to version 2.3.0, where the do_migration() function is exposed via the wedocs_migrate_betterdocs_to_wedocs AJAX action without nonce verification (check_ajax_referer) and without a current_user_can capability check. This a...

4.3 CVSS, 5.6 AI score
Exploits: 0, References: 6
CVE
added yesterday, 9 views

CVE-2026-57756

CVE-2026-57756 affects the WordPress plugin nicen-localize-image

8.5 CVSS, 5.8 AI score
Exploits: 0, References: 1
Cvelist
added yesterday, 16 views

CVE-2026-57679 WordPress GeekyBot plugin <= 1.2.5 - SQL Injection vulnerability

Unauthenticated SQL Injection in GeekyBot <= 1.2.5 versions...

9.3 CVSS
Exploits: 0, References: 1
CVE
added yesterday, 5 views

CVE-2026-57362

CVE-2026-57362 affects WordPress ChatBot plugin versions ≤ 8.3.2 and is described as unauthenticated reflected XSS. The CVSSv3.1 base score is 7.1 (HIGH) with network attack vector, low confidentiality/integrity/availability impact, user interaction required. The provided documents do not specify...

7.1 CVSS, 5.8 AI score
Exploits: 0, References: 1
Cvelist
added yesterday, 13 views

CVE-2026-57362 WordPress ChatBot plugin <= 8.3.2 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in ChatBot <= 8.3.2 versions...

7.1 CVSS
Exploits: 0, References: 1
CVE
added yesterday, 5 views

CVE-2026-57361

The CVE-2026-57361 entry affects the WordPress Survey Maker plugin ≤ 5.2.2.5, describing an unauthenticated Cross-Site Scripting (XSS) vulnerability. The provided documents specify the vulnerable software and vulnerability type, but do not include technical details about the root cause, impact sp...

7.1 CVSS, 5.8 AI score
Exploits: 0, References: 1
Cvelist
added yesterday, 11 views

CVE-2026-57351 WordPress HandL UTM Grabber plugin <= 2.9.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in HandL UTM Grabber <= 2.9.2 versions...

7.1 CVSS
Exploits: 0, References: 1
CVE
added yesterday, 6 views

CVE-2026-39448

The CVE highlights an Unauthenticated Broken Access Control issue in the WordPress NOWPayments for WooCommerce plugin, affecting versions <= 1.4.0. The vulnerability type is explicitly described as Broken Access Control, with no user interaction required and no privileges granted to attackers....

7.5 CVSS, 5.8 AI score
Exploits: 0, References: 1
Nuclei
added yesterday, 11 views

WordPress Grow by Tradedoubler Plugin < 2.0.22 - Unauthenticated Local File Inclusion

The Grow by Tradedoubler WordPress plugin through version 2.0.21 is vulnerable to Local File Inclusion via the component parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files. id: CVE-2024-6460 info:...

9.8 CVSS, 6 AI score, 0.04826 EPSS
Exploits: 1, References: 2
Nuclei
added yesterday, 11 views

MemberSpace WordPress - Cross-Site Scripting

MemberSpace WordPress plugin 2.1.14 contains a reflected XSS caused by unsanitized and unescaped parameter output, letting unauthenticated attackers execute scripts, exploit requires no authentication. id: CVE-2024-13727 info: name: MemberSpace WordPress - Cross-Site Scripting author: Sourabh-Sah...

6.1 CVSS, 7.3 AI score, 0.00564 EPSS
Exploits: 1, References: 2
Nuclei
added yesterday, 16 views

Push Notification for Post and BuddyPress <= 1.93 - SQL Injection

Push Notification for Post and BuddyPress plugin for WordPress is vulnerable to SQL Injection via the 'onesignalexternalid' and 'onesignalgetsubscriptionoptionsid' parameters in all versions up to, and including, 1.93 due to insufficient escaping on the user supplied parameter and lack of sufficie...

9.8 CVSS, 5.8 AI score, 0.02491 EPSS
Exploits: 1, References: 2
Nuclei
added yesterday, 15 views

WP Go Maps <= 9.0.29 - Cross-Site Scripting

WP Go Maps formerly WP Google Maps plugin for WordPress versions before 9.0.30 is vulnerable to Reflected Cross-Site Scripting via the 'mapid' parameter in the admin map edit page. id: CVE-2024-29931 info: name: WP Go Maps <= 9.0.29 - Cross-Site Scripting author: Shivam Kamboj severity: medium...

7.1 CVSS, 7.3 AI score, 0.00753 EPSS
Exploits: 0, References: 3
Nuclei
added yesterday, 15 views

Transposh WordPress Translation <= 1.0.8 - Unauthenticated Settings Change

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tptranslation' AJAX action and default settings which makes it possib...

5.3 CVSS, 6.7 AI score, 0.03508 EPSS
Exploits: 6, References: 4
Nuclei
added yesterday, 16 views

Duplicate Page WordPress - Stored Cross-Site Scripting

Duplicate Page WordPress plugin = 4.4.2 contains a stored cross-site scripting caused by unsanitized Duplicate Post Suffix settings in output, letting high privilege users execute malicious scripts, exploit requires high privilege user role. id: CVE-2021-24681 info: name: Duplicate Page WordPress...

4.8 CVSS, 5.7 AI score, 0.0087 EPSS
Exploits: 2, References: 3
Nuclei
added yesterday, 59 views

Relevanssi <= 4.24.4 (Free) - Unauthenticated SQL Injection

The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 Free and = 2.27.4 Premium due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.5 CVSS, 7.3 AI score, 0.02626 EPSS
Exploits: 2, References: 5
Nuclei
added yesterday, 8 views

WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated Options Import and Export

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import. id: CVE-2019-17232 info: name: WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated Options Import and Export author: daffainfo severity: high description: |...

7.5 CVSS, 7.4 AI score, 0.03518 EPSS
Exploits: 1, References: 4
Nuclei
added yesterday, 9 views

WordPress Qwizcards < 3.95 - Cross-Site Scripting (Reflected)

The WordPress Qwizcards plugin before version 3.95 does not sanitise and escape the "themestylesheet" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting vulnerability. id: CVE-2025-6174 info: name: WordPress Qwizcards alert'randstr'" matchers...

6.1 CVSS, 5.8 AI score, 0.0046 EPSS
Exploits: 0, References: 2
Nuclei
added yesterday, 38 views

WordPress Easy Forms for Mailchimp Plugin < 6.8.9 - Cross-Site Scripting

The Easy Forms for Mailchimp plugin before version 6.8.9 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the sqlerror parameter before outputting it back in the page when the debug option is enabled, which could allow attackers to execute...

6.1 CVSS, 6.5 AI score, 0.01092 EPSS
Exploits: 2, References: 2
Nuclei
added yesterday, 6 views

WordPress GamiPress <= 2.5.7 - SQL Injection

The GamiPress plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.5.7 due to insufficient escaping on the user supplied parameter '$qv$fieldid' and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to...

9.8 CVSS, 7.3 AI score, 0.0257 EPSS
Exploits: 0, References: 1
Nuclei
added yesterday, 17 views

WordPress Perfect Images (WP Retina 2x) < 6.4.6 - Sensitive Information Exposure

Jordy Meow Perfect Images Manage Image Sizes, Thumbnails, Replace, Retina versions up to 6.4.5 contain a vulnerability that exposes sensitive information to unauthorized actors, letting attackers access confidential data, exploit requires no specific conditions. id: CVE-2023-44982 info: name:...

7.5 CVSS, 7.1 AI score, 0.01437 EPSS
Exploits: 0, References: 1