Lucene search
K

15913 matches found

NVD
NVD
added 2026/06/24 7:16 a.m.10 views

CVE-2026-9175

The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.0. This is due to the getsingleaccount REST API callback being registered with a permissioncallback that unconditionally returns tru...

5.3CVSS0.00348EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 6:0 a.m.5 views

EUVD-2026-38692

The AI Share & Summarize WordPress plugin before 2.0.4 does not sanitise and escape some of its shortcode attributes before outputting them in a page, allowing users with the Contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 5:33 a.m.11 views

CVE-2026-8865

CVE-2026-8865 affects the Avalon23 Products Filter for WooCommerce WordPress plugin (

6.4CVSS6AI score0.00193EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 5:33 a.m.14 views

EUVD-2026-38685

The Advance Nav Menu Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00227EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/24 5:33 a.m.8 views

EUVD-2026-38673

The 24liveblog - live blog tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatelb24token AJAX function in versions up to, and including, 2.2. The handler only verifies the 'lb24' nonce which is generated and localized to any...

4.3CVSS5.9AI score0.00215EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51699

Name of the Vulnerable Software and Affected Versions WP Latest Posts versions prior to 5.0.12 Description The plugin is subject to Stored Cross-Site Scripting due to insufficient output escaping in the field and loop functions. These functions use a regular expression to extract the raw src...

6.4CVSS6AI score0.00207EPSS
Exploits0References9
Patchstack
Patchstack
added 2026/06/23 12:30 p.m.8 views

WordPress Library Management System plugin <= 3.5.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Benedictus Jovan aillesim/eneri in WordPress Plugin Library Management System versions = 3.5.7...

9.3CVSS6AI score0.00291EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/22 8:41 a.m.10 views

WordPress Simple File List plugin <= 6.3.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Operations (Deletion / Move / Folder Creation / Download) via 'frontmanage' Shortcode Attribute vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary File Operations Deletion / Move / Folder Creation / Download via 'frontmanage' Shortcode Attribute vulnerability discovered by WordFence in WordPress Plugin Simple File List versions = 6.3.7...

6.5CVSS5.9AI score0.00267EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/22 6:0 a.m.8 views

EUVD-2026-38211

The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS5.8AI score0.00152EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 1:7 p.m.29 views

CVE-2026-39999 Apache APISIX: JWT Algorithm Confusion allows authentication bypass

Authentication Bypass by Spoofing vulnerability in Apache APISIX. The attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin. This issue affects Apache APISIX: from v2.2 through v3.16.0. Users are recommended to upgrade to version v3.17.0, which...

7CVSS0.00386EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/19 9:3 a.m.4 views

WordPress Master Slider plugin <= 3.11.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Master Slider versions = 3.11.2...

7.1CVSS5.8AI score0.00175EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/19 8:59 a.m.10 views

WordPress License Manager for WooCommerce plugin <= 3.0.15 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by dodoh4t in WordPress Plugin License Manager for WooCommerce versions = 3.0.15...

6.5CVSS5.8AI score0.00235EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-50841

Name of the Vulnerable Software and Affected Versions Advanced Import versions prior to 1.4.7 Description Server-Side Request Forgery SSRF occurs when the plugin uses the wp remote get function to fetch a user-supplied URL without validating that the destination does not point to internal or...

6.4CVSS5.9AI score0.00208EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-50884

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 2.3 through 3.16.0 Description The openid-connect plugin under default configuration contains an issue where insufficient verification of data authenticity allows an attacker to spoof identity headers. This can lead to...

9.1CVSS5.9AI score0.00213EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/06/18 2:33 p.m.5 views

WordPress Stylish Cost Calculator plugin <= 8.3.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by ParkHyunWoo in WordPress Plugin Stylish Cost Calculator versions = 8.3.9...

7.5CVSS5.8AI score0.00278EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/06/18 2:2 p.m.35 views

CVE-2026-56012

The CVE concerns the WordPress plugin Media Library Assistant (vulnerable from unknown through 3.35). The issue is an SQL Injection due to improper neutralization of special elements in SQL commands, enabling blind SQL injection. Affected component is the plugin’s data handling for user input in ...

8.5CVSS5.6AI score0.00211EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/18 2:1 p.m.8 views

WordPress Media LIbrary Assistant plugin <= 3.35 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Media LIbrary Assistant versions = 3.35...

8.5CVSS5.8AI score0.00211EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/06/18 8:31 a.m.24 views

CVE-2026-2021 Slideshow Gallery LITE <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'alwaysauto' Shortcode Attribute

The Slideshow Gallery LITE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alwaysauto' shortcode attribute in all versions up to, and including, 1.8.5. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible...

6.4CVSS0.00205EPSS
Exploits0References6
CVE
CVE
added 2026/06/18 3:41 a.m.33 views

CVE-2026-10023

Dok an: AI Powered WooCommerce Marketplace Solution

4.3CVSS5.7AI score0.0025EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37660

Unauthenticated SQL Injection in WPJobster = 6.3.5 versions...

9.3CVSS5.7AI score0.00372EPSS
Exploits0References2
Rows per page
Query Builder