Lucene search
K

15919 matches found

CVE
CVE
added 2026/06/29 6:0 a.m.9 views

CVE-2026-10083

The CVE concerns the APCu Manager WordPress plugin prior to version 4.5.0. The root cause is that APCu object-cache keys are not escaped before rendering in an admin page, enabling a Stored XSS when a persistent object cache is used. Cache keys derived from unsanitised user input (e.g., a transie...

7.5CVSS6AI score0.00204EPSS
Exploits0References1
NVD
NVD
added 2026/06/27 8:16 a.m.11 views

CVE-2026-11597

The Surbma | Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'infusionsoft-form' shortcode in versions up to, and including, 2.0.1. This is due to insufficient input sanitization and output escaping on user-supplied 'account' and 'id' shortcode...

6.4CVSS0.00193EPSS
Exploits0References5
CVE
CVE
added 2026/06/27 6:50 a.m.16 views

CVE-2026-13295

The CVE-2026-13295 entry concerns the Page Builder by SiteOrigin WordPress plugin. A stored XSS vulnerability affects all versions up to 2.34.3, caused by insufficient input sanitization and output escaping of the panels_data parameter. Authenticated users with Contributor-level access and above ...

6.4CVSS6AI score0.00241EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/27 5:33 a.m.8 views

EUVD-2026-39945

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS5.8AI score0.00281EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.33 views

CVE-2026-57649 WordPress Shoppable Images Lite plugin <= 1.3 - Broken Access Control vulnerability

Subscriber Broken Access Control in Shoppable Images Lite = 1.3 versions...

4.3CVSS0.00213EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:53 p.m.11 views

CVE-2026-57633

CVE-2026-57633 describes an unauthenticated sensitive data exposure affecting the WordPress plugin WCBoost – Products Compare for versions up to 1.1.0 . The connected sources confirm the affected component and the exposure but do not provide attacker vectors, specific data exposed, root cause det...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.32 views

CVE-2026-57321 WordPress H5P plugin <= 1.17.7 - Arbitrary File Deletion vulnerability

Contributor Arbitrary File Deletion in H5P = 1.17.7 versions...

7.1CVSS0.00294EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.31 views

CVE-2026-57316 WordPress GetGenie plugin <= 4.4.2 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in GetGenie = 4.4.2 versions...

6.5CVSS0.00355EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.9 views

CVE-2026-57316

CVE-2026-57316 concerns the WordPress GetGenie plugin (versions up to 4.4.2). The issue is described as Subscriber Sensitive Data Exposure, indicating that subscriber data may be exposed due to a vulnerability in the affected plugin. The CVSS 3.1 data in the initial document assigns a base score ...

6.5CVSS5.8AI score0.00355EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.30 views

CVE-2026-56026 WordPress utm.codes plugin <= 1.9.0 - Server Side Request Forgery (SSRF) vulnerability

Subscriber Server Side Request Forgery SSRF in utm.codes = 1.9.0 versions...

6.4CVSS0.0022EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.31 views

CVE-2026-54847 WordPress Stylish Cost Calculator plugin <= 8.3.9 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Stylish Cost Calculator = 8.3.9 versions...

7.5CVSS0.00278EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 1:18 p.m.6 views

WordPress Gmail SMTP plugin <= 1.2.3.19 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Gmail SMTP versions = 1.2.3.19...

4.3CVSS5.8AI score0.00098EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/26 1:14 p.m.4 views

WordPress Panorama Viewer – 360 Degree Image + Video Viewer plugin <= 1.6.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by endy in WordPress Plugin Panorama Viewer – 360 Degree Image + Video Viewer versions = 1.6.1...

7.5CVSS5.8AI score0.00259EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/26 12:30 p.m.6 views

WordPress Abandoned Cart Lite for WooCommerce plugin <= 6.8.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Abandoned Cart Lite for WooCommerce versions = 6.8.0...

4.3CVSS5.8AI score0.00107EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/26 12:18 p.m.5 views

WordPress Kirki plugin <= 6.0.11 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Kirki versions = 6.0.11...

4.9CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/06/25 5:29 p.m.16 views

CVE-2026-57700

Summary of CVE-2026-57700 (WordPress OMGF Pro plugin

10CVSS5.8AI score0.00373EPSS
In wildExploits0References1
Cvelist
Cvelist
added 2026/06/25 1:16 p.m.54 views

CVE-2026-54842 WordPress Royal MCP plugin <= 1.4.25 - Broken Access Control vulnerability

Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25...

8.1CVSS0.00195EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:12 p.m.13 views

CVE-2026-56071

CVE-2026-56071 affects WordPress Forminator plugin versions

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 1:12 p.m.33 views

CVE-2026-56051 WordPress TablePress plugin <= 3.3.1 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in TablePress = 3.3.1 versions...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:12 p.m.13 views

CVE-2026-56049

CVE-2026-56049 affects WordPress Post Snippets plugin and is a Remote Code Execution vulnerability in versions

8.5CVSS5.9AI score0.00351EPSS
Exploits0References1
Rows per page
Query Builder