Lucene search
K

15919 matches found

Patchstack
Patchstack
added 2026/06/18 2:33 p.m.5 views

WordPress Stylish Cost Calculator plugin <= 8.3.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by ParkHyunWoo in WordPress Plugin Stylish Cost Calculator versions = 8.3.9...

7.5CVSS5.8AI score0.00278EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/06/18 2:2 p.m.35 views

CVE-2026-56012

The CVE concerns the WordPress plugin Media Library Assistant (vulnerable from unknown through 3.35). The issue is an SQL Injection due to improper neutralization of special elements in SQL commands, enabling blind SQL injection. Affected component is the plugin’s data handling for user input in ...

8.5CVSS5.6AI score0.00211EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/18 2:1 p.m.8 views

WordPress Media LIbrary Assistant plugin <= 3.35 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Media LIbrary Assistant versions = 3.35...

8.5CVSS5.8AI score0.00211EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/06/18 8:31 a.m.25 views

CVE-2026-2021 Slideshow Gallery LITE <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'alwaysauto' Shortcode Attribute

The Slideshow Gallery LITE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alwaysauto' shortcode attribute in all versions up to, and including, 1.8.5. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible...

6.4CVSS0.00205EPSS
Exploits0References6
CVE
CVE
added 2026/06/18 3:41 a.m.33 views

CVE-2026-10023

Dok an: AI Powered WooCommerce Marketplace Solution

4.3CVSS5.7AI score0.0025EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/17 6:35 p.m.12 views

EUVD-2026-37660

Unauthenticated SQL Injection in WPJobster = 6.3.5 versions...

9.3CVSS5.7AI score0.00372EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/17 4:14 p.m.7 views

WordPress Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin <= 3.7.5 - Authenticated (Contributor+) Sensitive Information Exposure vulnerability

Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by se1en in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.7.5...

4.3CVSS5.3AI score0.00243EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/17 1:40 p.m.31 views

CVE-2026-54815 WordPress Cargo Shipping Location for WooCommerce plugin <= 5.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6...

9.3CVSS0.00236EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 1:37 p.m.34 views

CVE-2026-54816 WordPress Advanced Ads plugin <= 2.0.21 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion. This issue affects Advanced Ads: from n/a through 2.0.21...

7.5CVSS0.00292EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/17 1:22 p.m.6 views

WordPress Ads by WPQuads plugin <= 3.0.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by HaiND in WordPress Plugin Ads by WPQuads versions = 3.0.3...

7.5CVSS5.8AI score0.00294EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/06/17 9:51 a.m.20 views

CVE-2026-49767

CVE-2026-49767 concerns the WordPress WordPress wpForo Forum plugin (≤ 3.1.0) with an Unauthenticated Broken Authentication vulnerability. Affected software is the wpForo Forum plugin; root cause is broken authentication in versions ≤ 3.1.0. Impact is high (CVSS v3.1 base score 9.8, CRITICAL) wit...

9.8CVSS5.2AI score0.00548EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/17 12:0 a.m.7 views

WordPress FireBox Popups – Increase Sales and Grow Your Email List plugin <= 3.1.7 - Unauthenticated Sensitive Information Exposure in 'form_id' Parameter vulnerability

Unauthenticated Sensitive Information Exposure in 'formid' Parameter vulnerability discovered by Duc Manh in WordPress Plugin FireBox versions = 3.1.7...

5.3CVSS5.3AI score0.00331EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/16 9:0 a.m.29 views

CVE-2026-54197 WordPress GetGenie plugin <= 4.4.1 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in GetGenie = 4.4.1 versions...

6.5CVSS0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/16 7:46 a.m.11 views

EUVD-2026-37041

The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fldrttl' parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.5AI score0.00235EPSS
Exploits0References9
CVE
CVE
added 2026/06/15 8:19 p.m.22 views

CVE-2026-52695

CVE-2026-52695 affects the WordPress plugin ABC Crypto Checkout (versions

7.5CVSS5.2AI score0.00243EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:19 p.m.6 views

CVE-2026-49770 WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Travel Engine = 6.7.12 versions...

9.8CVSS5.3AI score0.00383EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:19 p.m.26 views

CVE-2026-49078

Technical details for CVE-2026-49078 are not publicly available in the provided documents. Monitor updates from Patchstack/CVE entries for affected version 6.7.10 and potential fixes.

7.5CVSS5.2AI score0.00252EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:19 p.m.6 views

CVE-2026-48970 WordPress Really Simple SSL plugin <= 9.5.10 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in Really Simple SSL = 9.5.10 versions...

8.1CVSS5.2AI score0.00322EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:19 p.m.19 views

CVE-2026-48880

WP Job Portal (WordPress) plugin

6.5CVSS5.1AI score0.00205EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.21 views

CVE-2026-48838

CVE-2026-48838 covers an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress Post SMTP plugin, versions

7.1CVSS5.1AI score0.00237EPSS
Exploits0References1
Rows per page
Query Builder