Lucene search
+L

1763 matches found

EUVD
EUVD
added 2026/05/20 1:25 a.m.13 views

EUVD-2026-31034

The 診断ジェネレータ作成プラグイン Diagnosis Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing authorization checks and insufficient input sanitization in the themeFunc function. The function is hooke...

6.4CVSS6AI score0.00308EPSS
Exploits0References9
Patchstack
Patchstack
added 2026/05/19 12:3 p.m.10 views

WordPress Sentence To SEO (keywords, description and tags) plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Sentence To SEO keywords, description and tags versions = 1.0...

6.1CVSS5.8AI score0.00174EPSS
Exploits0References1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 12:0 a.m.15 views

Malicious code in babel-plugin-version (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
OSV
OSV
added 2026/05/19 12:0 a.m.12 views

MAL-2026-4129 Malicious code in babel-plugin-version (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
Snyk
Snyk
added 2026/05/18 9:0 p.m.10 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.6 views

@lingxiteam/cli (=0.3.0), babel-preset-jaid (>=1.0.0 <=2.9.0) +1 more potentially affected by unknown CVE via babel-plugin-version (=0.2.3)

babel-plugin-version NPM version =0.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on babel-plugin-version and may be impacted: - @lingxiteam/cli =0.3.0 - babel-preset-jaid =1.0.0, =2.0.0, =2.9.0 Source cves: unknown CVE Source advisory:...

5.5AI score
Exploits0
Snyk
Snyk
added 2026/05/18 9:0 p.m.7 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.22 views

PT-2026-41513

Name of the Vulnerable Software and Affected Versions The AI Engine – The Chatbot, AI Framework & MCP for WordPress version 3.4.9 Description Missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path allows authenticated users with Subscriber privileges or higher t...

8.8CVSS5.8AI score0.00359EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/15 7:46 a.m.6 views

CVE-2026-4683

The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'routeData' REST endpoint in all versions up to, and including, 3.1.77. This makes it possible for unauthenticated attackers to overwrite the plugin's...

6.5CVSS5.8AI score0.00262EPSS
Exploits0References5
NVD
NVD
added 2026/05/14 1:16 p.m.24 views

CVE-2026-4029

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This makes it possible for unauthenticated attackers to...

7.5CVSS0.0041EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

WordPress plugin Meta Field Block 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.00156EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/13 3:33 p.m.11 views

SiYuan Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution

Summary SiYuan's Bazaar community marketplace renders the name and version fields of a package's plugin.json and the equivalent theme.json / template.json / widget.json / icon.json into the Settings → Marketplace UI without HTML escaping. The kernel-side helper sanitizePackageDisplayStrings in...

9CVSS6AI score0.00361EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/05/13 12:0 a.m.19 views

WordPress My Calendar – Accessible Event Manager plugin <= 3.7.9 - Authenticated (Custom+) Missing Authorization to Unauthorized Event Publication vulnerability

Authenticated Custom+ Missing Authorization to Unauthorized Event Publication vulnerability discovered by type5afe in WordPress Plugin My Calendar versions = 3.7.9...

4.3CVSS5.8AI score0.00341EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/12 7:48 a.m.18 views

CVE-2026-6708

The CVE-2026-6708 entry concerns the WordPress plugin “HEL Online Classroom: AI-powered Online Classrooms” (versions

5.3CVSS5.8AI score0.0031EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.14 views

WordPress plugin WP Google Maps Integration 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.1CVSS5.8AI score0.00211EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

WordPress plugin Pricing Tables for WP 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.1CVSS5.6AI score0.00255EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/11 7:5 p.m.9 views

WordPress Zawgyi Embed plugin <= 2.1.1 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Zawgyi Embed versions = 2.1.1...

4.3CVSS5.8AI score0.00128EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/09 5:36 a.m.8 views

WordPress AI Product Search for WooCommerce – Motive Commerce Search plugin <= 1.38.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Benedictus Jovan aillesim/eneri in WordPress Plugin AI Product Search for WooCommerce Motive Commerce Search versions = 1.38.2...

5.8AI score0.00254EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.12 views

PT-2026-36567

Name of the Vulnerable Software and Affected Versions My Social Feeds – Social Feeds Embedder versions prior to 1.0.5 Description The plugin is subject to sensitive information exposure via the 'ttp get accounts' AJAX action. The get accounts function lacks authorization checks and nonce...

5.4CVSS5.7AI score0.00229EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/05/01 9:15 a.m.5 views

WordPress Widgets on Pages plugin <= 1.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Widgets on Pages versions = 1.7...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder