Lucene search
K

15943 matches found

Patchstack
Patchstack
added 2026/06/19 9:3 a.m.4 views

WordPress Master Slider plugin <= 3.11.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Master Slider versions = 3.11.2...

7.1CVSS5.8AI score0.00175EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/19 8:59 a.m.13 views

WordPress License Manager for WooCommerce plugin <= 3.0.15 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by dodoh4t in WordPress Plugin License Manager for WooCommerce versions = 3.0.15...

6.5CVSS5.8AI score0.00235EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-50884

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 2.3 through 3.16.0 Description The openid-connect plugin under default configuration contains an issue where insufficient verification of data authenticity allows an attacker to spoof identity headers. This can lead to...

9.1CVSS5.9AI score0.00213EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.20 views

PT-2026-50841

Name of the Vulnerable Software and Affected Versions Advanced Import versions prior to 1.4.7 Description Server-Side Request Forgery SSRF occurs when the plugin uses the wp remote get function to fetch a user-supplied URL without validating that the destination does not point to internal or...

6.4CVSS5.9AI score0.00208EPSS
Exploits0References13
Patchstack
Patchstack
added 2026/06/18 2:33 p.m.7 views

WordPress Stylish Cost Calculator plugin <= 8.3.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by ParkHyunWoo in WordPress Plugin Stylish Cost Calculator versions = 8.3.9...

7.5CVSS5.8AI score0.00278EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/06/18 2:2 p.m.35 views

CVE-2026-56012

The CVE concerns the WordPress plugin Media Library Assistant (vulnerable from unknown through 3.35). The issue is an SQL Injection due to improper neutralization of special elements in SQL commands, enabling blind SQL injection. Affected component is the plugin’s data handling for user input in ...

8.5CVSS5.6AI score0.00211EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/18 2:1 p.m.8 views

WordPress Media LIbrary Assistant plugin <= 3.35 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Media LIbrary Assistant versions = 3.35...

8.5CVSS5.8AI score0.00211EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/06/18 8:31 a.m.25 views

CVE-2026-2021 Slideshow Gallery LITE <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'alwaysauto' Shortcode Attribute

The Slideshow Gallery LITE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alwaysauto' shortcode attribute in all versions up to, and including, 1.8.5. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible...

6.4CVSS0.00205EPSS
Exploits0References6
CVE
CVE
added 2026/06/18 3:41 a.m.35 views

CVE-2026-10023

Dok an: AI Powered WooCommerce Marketplace Solution

4.3CVSS5.7AI score0.0025EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/17 6:35 p.m.13 views

EUVD-2026-37660

Unauthenticated SQL Injection in WPJobster = 6.3.5 versions...

9.3CVSS5.7AI score0.00372EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/17 4:14 p.m.7 views

WordPress Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin <= 3.7.5 - Authenticated (Contributor+) Sensitive Information Exposure vulnerability

Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by se1en in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.7.5...

4.3CVSS5.3AI score0.00243EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/17 1:40 p.m.32 views

CVE-2026-54815 WordPress Cargo Shipping Location for WooCommerce plugin <= 5.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6...

9.3CVSS0.00236EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 1:37 p.m.35 views

CVE-2026-54816 WordPress Advanced Ads plugin <= 2.0.21 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion. This issue affects Advanced Ads: from n/a through 2.0.21...

7.5CVSS0.00292EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/17 1:22 p.m.7 views

WordPress Ads by WPQuads plugin <= 3.0.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by HaiND in WordPress Plugin Ads by WPQuads versions = 3.0.3...

7.5CVSS5.8AI score0.00294EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/06/17 9:51 a.m.21 views

CVE-2026-49767

CVE-2026-49767 concerns the WordPress WordPress wpForo Forum plugin (≤ 3.1.0) with an Unauthenticated Broken Authentication vulnerability. Affected software is the wpForo Forum plugin; root cause is broken authentication in versions ≤ 3.1.0. Impact is high (CVSS v3.1 base score 9.8, CRITICAL) wit...

9.8CVSS5.2AI score0.00548EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/17 12:0 a.m.8 views

WordPress FireBox Popups – Increase Sales and Grow Your Email List plugin <= 3.1.7 - Unauthenticated Sensitive Information Exposure in 'form_id' Parameter vulnerability

Unauthenticated Sensitive Information Exposure in 'formid' Parameter vulnerability discovered by Duc Manh in WordPress Plugin FireBox versions = 3.1.7...

5.3CVSS5.3AI score0.00331EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/16 9:0 a.m.30 views

CVE-2026-54197 WordPress GetGenie plugin <= 4.4.1 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in GetGenie = 4.4.1 versions...

6.5CVSS0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/16 7:46 a.m.11 views

EUVD-2026-37041

The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fldrttl' parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.5AI score0.00235EPSS
Exploits0References9
CVE
CVE
added 2026/06/15 8:19 p.m.22 views

CVE-2026-52695

CVE-2026-52695 affects the WordPress plugin ABC Crypto Checkout (versions

7.5CVSS5.2AI score0.00243EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:19 p.m.7 views

CVE-2026-49770 WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Travel Engine = 6.7.12 versions...

9.8CVSS5.3AI score0.00383EPSS
Exploits0References1
Rows per page
Query Builder