Lucene search
+L

1763 matches found

EUVD
EUVD
added yesterday7 views

EUVD-2026-45152

The HubSpot All-In-One Marketing – Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.62 via the wplocalizescript / window.leadinConfig JavaScript object. This makes it possible for authenticated attackers, with...

4.3CVSS5.3AI score0.00158EPSS
Exploits0References6
Nuclei
Nuclei
added yesterday32 views

Export WP Page to Static HTML <= 4.3.4 - Cookie Exposure

Export WP Page to Static HTML & PDF WordPress plugin = 4.3.4 contains a sensitive information exposure caused by publicly exposed cookies.txt files with authentication cookies, letting unauthenticated attackers access sensitive authentication data, exploit requires site administrator to trigger...

9.8CVSS5AI score0.01954EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday12 views

Giga Messenger WordPress - Cross-Site Scripting

Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

6.1CVSS8AI score0.00562EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday43 views

WordPress Themify Builder < 7.5.8 - Open Redirect

The Themify Builder WordPress plugin before version 7.5.8 contains an open redirect vulnerability. The plugin does not validate the tbredirectfail parameter before redirecting users to its value, which could allow attackers to redirect users to malicious websites. id: CVE-2024-3032 info: name:...

6.1CVSS5.2AI score0.00823EPSS
Exploits2References2
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-44978

The Lenovo XClarity Integrator for Windows Admin Center plugin version 5.1.1 and below running on the WAC Gateway is vulnerable to Powershell Command Injection when establishing remote PowerShell commands...

8.8CVSS6.1AI score0.00757EPSS
Exploits0References1
NVD
NVD
added 5 days ago8 views

CVE-2026-57811

Improper Control of Generation of Code 'Code Injection' vulnerability in Realtyna Realtyna Organic IDX plugin real-estate-listing-realtyna-wpl allows Remote Code Inclusion.This issue affects Realtyna Organic IDX plugin: from n/a through = 5.2.0...

10CVSS0.0032EPSS
Exploits0References1
CVE
CVE
added 5 days ago9 views

CVE-2026-57816

The CVE-2026-57816 entry concerns FunnelKit Funnel Builder (WordPress plugin) with a Reflected XSS in the funnel-builder component. Affected versions are listed as from n/a through

7.1CVSS6.1AI score0.00146EPSS
Exploits0References1
CVE
CVE
added 5 days ago14 views

CVE-2026-57786

CVE-2026-57786 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin WorkScout-Core (purethemes WorkScout-Core) that allows authentication bypass. Affected versions are WorkScout-Core up to and including 1.7.08. The connected sources (NVD and CVE records) confirm the...

8.8CVSS6.1AI score0.00164EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-61971 WordPress User Profile Picture plugin <= 2.6.3 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture metronet-profile-picture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Profile Picture: from n/a through = 2.6.3...

2.7CVSS0.00192EPSS
Exploits0References1
CVE
CVE
added 5 days ago14 views

CVE-2026-57768

CVE-2026-57768 impacts the WordPress plugin Houzez Login Register (versions

8.2CVSS6.1AI score0.00228EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-57416 WordPress SiteGround Email Marketing plugin <= 1.7.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SiteGround SiteGround Email Marketing siteground-email-marketing allows Stored XSS.This issue affects SiteGround Email Marketing: from n/a through = 1.7.5...

7.1CVSS0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago28 views

CVE-2026-57711 WordPress SupportCandy plugin <= 3.4.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PSM Plugins SupportCandy supportcandy allows Stored XSS.This issue affects SupportCandy: from n/a through = 3.4.8...

6.5CVSS0.00161EPSS
Exploits0References1
CVE
CVE
added 5 days ago5 views

CVE-2026-57381

The CVE describes a Reflected Cross-Site Scripting vulnerability in the WordPress PropertyHive plugin (PropertyHive) for versions

7.1CVSS6.1AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 5 days ago18 views

CVE-2026-57363

The CVE-2026-57363 entry documents a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress ChatBot plugin, affecting versions up to 8.3.7. The issue arises from improper neutralization of input during web page generation, enabling XSS when data is rendered. Affected component: the Chat...

7.1CVSS6.1AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-57372 WordPress WPJAM Basic plugin <= 7.0 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in denishua WPJAM Basic wpjam-basic allows Server Side Request Forgery.This issue affects WPJAM Basic: from n/a through = 7.0...

7.2CVSS0.00194EPSS
Exploits0References1
NVD
NVD
added 2026/07/11 5:16 a.m.7 views

CVE-2026-7559

The Affilia – Affiliate Program & Referral Tracking for WordPress plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.3.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00304EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/07/11 2:31 a.m.34 views

CVE-2026-13262 Majestic Support <= 1.1.9 - Authenticated (Subscriber+) SQL Injection via 'val' Parameter

The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'val' parameter in all versions up to, and including, 1.1.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...

6.5CVSS0.00352EPSS
Exploits0References10
Patchstack
Patchstack
added 2026/07/09 7:32 p.m.5 views

WordPress GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference plugin <= 1.1.8 - Cross-Site Request Forgery to Google Meet Credential Reset vulnerability

Cross-Site Request Forgery to Google Meet Credential Reset vulnerability discovered by Legion Hunter in WordPress Plugin GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference versions = 1.1.8...

4.3CVSS6.1AI score0.00168EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/07/09 7:10 p.m.5 views

WordPress Easy Appointments plugin <= 3.12.27 - Missing Authorization to Authenticated (Author+) Bulk Appointment Manipulation vulnerability

Missing Authorization to Authenticated Author+ Bulk Appointment Manipulation vulnerability discovered by armx64 in WordPress Plugin Easy Appointments versions = 3.12.27...

4.3CVSS6.1AI score0.0028EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/07/08 1:23 p.m.6 views

WordPress Cart Lift plugin <= 3.1.57 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by dodoh4t in WordPress Plugin Cart Lift versions = 3.1.57...

7.1CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
Rows per page
Query Builder