Lucene search
K

8474 matches found

Nuclei
Nuclei
added yesterday60 views

WP Visitor Statistics (Real Time Traffic) < 6.9 - SQL Injection

The plugin does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks. id: CVE-2023-0600 info: name: WP Visitor Statistics Real Time Traffic 6.9 - SQL Injection author: r3Y3r53,j4vaovo severity: critical description: | The...

9.8CVSS7.1AI score0.04234EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday111 views

WordPress Redux Framework <=4.2.11 - Information Disclosure

WordPress Redux Framework plugin through 4.2.11 is susceptible to information disclosure. The plugin registers several unique AJAX actions available to unauthenticated users in the includes function in redux-core/class-redux-core.php. These are predictable, given that they are based on an md5 has...

5.3CVSS6.2AI score0.28961EPSS
Exploits6References5
Nuclei
Nuclei
added yesterday70 views

All Thrive Themes and Plugins - Unauthenticated Option Update

The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin...

5.3CVSS6.3AI score0.02076EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday116 views

GutenKit <= 2.1.0 - Arbitrary File Upload

The GutenKit Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the installandactivatepluginfromexternal function install-active-plugin REST API endpoint in all versions up to, a...

9.8CVSS7.2AI score0.10429EPSS
Exploits3References2
Nuclei
Nuclei
added yesterday60 views

OpenDreambox 2.0.0 - Remote Code Execution

OpenDreambox 2.0.0 is susceptible to remote code execution via the webadmin plugin. Remote attackers can execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI in enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py. id: CVE-2017-14135 info: nam...

10CVSS7.6AI score0.21842EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday91 views

WordPress Visitor Statistics <=5.7 - SQL Injection

WordPress Visitor Statistics plugin through 5.7 contains multiple unauthenticated SQL injection vulnerabilities. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-33965 info:...

9.8CVSS7.1AI score0.03413EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday32 views

WordPress Widgets for Social Photo Feed <= 1.8 - Information Disclosure

Widgets for Social Photo Feed WordPress plugin = 1.8 contains a broken access control caused by missing capability checks on specific REST API endpoints, letting unauthenticated attackers access and modify plugin settings remotely. id: CVE-2025-14726 info: name: WordPress Widgets for Social Photo...

6.5CVSS6.1AI score0.0083EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday72 views

WordPress WHMCS Bridge <6.4b - Cross-Site Scripting

WordPress WHMCS Bridge plugin before 6.4b contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the error parameter before outputting it back in the admin dashboard. id: CVE-2021-25112 info: name: WordPress WHMCS Bridge 6.4b - Cross-Site Scripting author:...

6.1CVSS6.4AI score0.02187EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday52 views

Bloofox v0.5.2.1 - SQL Injection

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit. id: CVE-2023-34754 info: name: Bloofox v0.5.2.1 - SQL Injection author: ritikchaddha severity: critical description: | bloofox v0.5.2.1 was...

9.8CVSS7.1AI score0.03449EPSS
Exploits1References2
NVD
NVD
added 2 days ago3 views

CVE-2026-57711

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PSM Plugins SupportCandy supportcandy allows Stored XSS.This issue affects SupportCandy: from n/a through = 3.4.8...

6.5CVSS0.00161EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43286

The Database for Contact Form 7, WPforms, Elementor forms WordPress plugin before 1.5.2 does not restrict the PHP classes allowed when unserializing an attacker-supplied form-field value, allowing unauthenticated users to inject arbitrary PHP objects that are instantiated when an administrator...

5CVSS6.2AI score0.00139EPSS
Exploits0References2
NVD
NVD
added 2 days ago4 views

CVE-2026-12081

The Database for Contact Form 7, WPforms, Elementor forms WordPress plugin before 1.5.2 does not restrict the PHP classes allowed when unserializing an attacker-supplied form-field value, allowing unauthenticated users to inject arbitrary PHP objects that are instantiated when an administrator...

5CVSS0.00139EPSS
Exploits0References1
Nuclei
Nuclei
added 2 days ago61 views

Atlassian Crowd and Crowd Data Center - Unauthenticated Remote Code Execution

Atlassian Crowd and Crowd Data Center is susceptible to a remote code execution vulnerability because the pdkinstall development plugin is incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit...

9.8CVSS7.6AI score0.95355EPSS
Exploits6References5
NVD
NVD
added 3 days ago9 views

CVE-2026-15500

A weakness has been identified in AstrBotDevs AstrBot up to 4.25.2. Affected by this vulnerability is the function getonlineplugins of the file astrbot/dashboard/routes/plugin.py of the component marketlist Endpoint. Executing a manipulation of the argument customregistry can lead to server-side...

6.5CVSS0.00209EPSS
Exploits0References6
CVE
CVE
added 3 days ago11 views

CVE-2026-15500

AstrBotDevs AstrBot (

6.5CVSS6.4AI score0.00209EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-15500 AstrBotDevs AstrBot market_list Endpoint plugin.py get_online_plugins server-side request forgery

A weakness has been identified in AstrBotDevs AstrBot up to 4.25.2. Affected by this vulnerability is the function getonlineplugins of the file astrbot/dashboard/routes/plugin.py of the component marketlist Endpoint. Executing a manipulation of the argument customregistry can lead to server-side...

6.5CVSS0.00209EPSS
Exploits0References6
Fedora
Fedora
added 4 days ago6 views

[SECURITY] Fedora 44 Update: OpenImageIO-3.1.15.0-1.fc44

OpenImageIO is a library for reading and writing images, and a bunch of relat ed classes, utilities, and applications. Main features include: - Extremely simple but powerful ImageInput and ImageOutput APIs for reading a nd writing 2D images that is format agnostic. - Format plugins for TIFF,...

7.5CVSS7AI score0.00517EPSS
Exploits0
Rockylinux
Rockylinux
added 5 days ago4 views

gstreamer1-plugins-bad-free security update

An update is available for gstreamer1-plugins-bad-free. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GStreamer is a streaming media framework based on graphs...

8.8CVSS6.2AI score0.0053EPSS
Exploits0
Rockylinux
Rockylinux
added 5 days ago7 views

gstreamer1-plugins-good security update

An update is available for gstreamer1-plugins-good. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GStreamer is a streaming media framework based on graphs of...

7.6CVSS6.2AI score0.0031EPSS
Exploits0
NVD
NVD
added 5 days ago6 views

CVE-2026-15104

The BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin for WordPress is vulnerable to generic SQL Injection via the 'lang' parameter in all versions up to, and including, 4.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS0.0026EPSS
Exploits0References5
Rows per page
Query Builder