Lucene search
K

585 matches found

Nuclei
Nuclei
added 16 hours ago22 views

Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit - Broken Access Control

The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the installoractivateaddonplugins function and a weak nonce hash in all...

9.8CVSS6.1AI score0.02904EPSS
Exploits0References3
Nuclei
Nuclei
added 16 hours ago11 views

ListingPro < 2.6.1 - Arbitrary Plugin Installation/Activation/Deactivation

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lpccaddonsactions function. This makes it possible for unauthenticated attacker...

9.8CVSS7.1AI score0.04304EPSS
Exploits1References2
NVD
NVD
added yesterday3 views

CVE-2026-62194

OpenClaw versions 2026.5.20 before 2026.6.9 contain a privilege escalation vulnerability in plugin install commands that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can exploit misconfigured input paths or enabled features to escalate...

8.8CVSS
Exploits0References2
CVE
CVE
added yesterday15 views

CVE-2026-62194

OpenClaw CVE-2026-62194 affects OpenClaw versions 2026.5.20 before 2026.6.9. Vulnerable: plugin install commands in the OpenClaw stack. Root cause: privilege escalation via misconfigured input paths or enabled features that let lower-trust callers execute/persist actions beyond their authorizatio...

8.8CVSS6.2AI score
Exploits0References2Affected Software1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42563

The Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to the use of 'returntrue' as the permissioncallback for the /installplugin and /activateplugin REST API endpoint...

8.8CVSS5.9AI score0.00187EPSS
Exploits0References8
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-4275 Divi Torque Lite <= 4.2.3 - Cross-Site Request Forgery to Arbitrary Plugin Installation via 'install_plugin' REST Endpoint

The Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to the use of 'returntrue' as the permissioncallback for the /installplugin and /activateplugin REST API endpoint...

8.8CVSS0.00187EPSS
Exploits0References8
CVE
CVE
added 5 days ago13 views

CVE-2026-4275

CVE-2026-4275 affects the Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme plugin for WordPress up to version 4.2.3. The vulnerability is a Cross-Site Request Forgery (CSRF) flaw arising from using __return_true as the permission_callback for the /install_plugin and /activate_plugin REST...

8.8CVSS5.9AI score0.00187EPSS
Exploits0References8
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-8848 Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder <= 1.22.0 - Missing Authorization to Authenticated (Editor+) Arbitrary Plugin Installation

The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.22.0. This is due to the plugin not properly verifying that a user is authorized to perform an...

7.2CVSS0.00659EPSS
Exploits0References12
CVE
CVE
added 5 days ago10 views

CVE-2026-11359

The CVE-2026-11359 entry relates to the Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration plugin for WordPress. Affected versions up to 3.4 are vulnerable due to missing capability checks and nonce validation in the pg_install_profilegrid() AJAX handler (wp_ajax_...

4.3CVSS5.9AI score0.00246EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42541

The Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration plugin for WordPress is vulnerable to unauthorized plugin installation and activation in versions up to, and including, 3.4. This is due to a missing capability check and missing nonce validation on the...

4.3CVSS5.9AI score0.00246EPSS
Exploits0References5
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42172

The WP Learn Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.8. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to install and activat...

9.8CVSS6AI score0.00364EPSS
Exploits0References5
CVE
CVE
added 6 days ago15 views

CVE-2026-12153

CVE-2026-12153 affects the WordPress WP Learn Manager plugin up to version 1.1.8. The vulnerability is an authorization bypass in the jslearnmanager_ajax AJAX action, allowing unauthenticated attackers to install and activate arbitrary plugins from the WordPress.org repository on affected sites. ...

9.8CVSS6AI score0.00364EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago13 views

PT-2026-56320

Name of the Vulnerable Software and Affected Versions WP Learn Manager versions prior to 1.1.9 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. This flaw allows unauthenticated attackers to install and...

9.8CVSS6AI score0.00364EPSS
Exploits0References9
OSV
OSV
added 2026/07/02 7:2 a.m.3 views

OPENSUSE-SU-2026:21205-1 Security update for docker-stable

This update for docker-stable fixes the following issues - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header bsc1260279. - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad...

9.6CVSS6.6AI score0.08123EPSS
Exploits2References12
EUVD
EUVD
added 2026/06/26 12:32 a.m.5 views

EUVD-2020-31260

Grav before 1.6.30 contains a cross-site scripting vulnerability in the Admin plugin page editor default security configuration. Privileged users with page editing capabilities can inject malicious scripts to execute arbitrary code and install malicious plugins for system access...

5.4CVSS6.1AI score0.00167EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 10:16 p.m.2 views

CVE-2020-37256

Grav before 1.6.30 contains a cross-site scripting vulnerability in the Admin plugin page editor default security configuration. Privileged users with page editing capabilities can inject malicious scripts to execute arbitrary code and install malicious plugins for system access...

5.1CVSS6.2AI score
Exploits0References2
CVE
CVE
added 2026/06/15 6:50 p.m.21 views

CVE-2026-49954

Discuz! X5.0 (versions 20260320–20260610) is affected by a Local File Inclusion in the enable_disable.php Plugin Directory, exploitable by authenticated administrators. The vulnerability stems from importing a crafted plugin configuration that uses path traversal in the directory attribute; an ex...

8.6CVSS6.3AI score0.00525EPSS
Exploits2References4
GithubExploit
GithubExploit
added 2026/06/15 5:6 a.m.180 views

Exploit for CVE-2026-10795

CVE Lab: CVE-2026-10795 - UpdraftPlus UpdraftCentral RPC Authe...

8.1CVSS6.6AI score0.03578EPSS
Exploits3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.13 views

PT-2026-49309

Discuz! X5.0 releases 20260320 through 20260501 contain a local file inclusion vulnerability that allows authenticated administrators to execute arbitrary code by importing a specially crafted plugin configuration containing path traversal sequences in the directory attribute. Attackers can trigg...

8.6CVSS6.4AI score0.00525EPSS
Exploits2References4
Patchstack
Patchstack
added 2026/06/11 12:33 p.m.11 views

WordPress Restaurant Cafeteria theme <= 0.4.6 - Subscriber+ Arbitrary Plugin Installation/Activation vulnerability

Subscriber+ Arbitrary Plugin Installation/Activation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Theme Restaurant Cafeteria versions = 0.4.6...

5.4CVSS5.4AI score0.0022EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder