Lucene search

105 matches found

Nuclei
added 8 hours ago, 17 views

WCAPF WooCommerce Ajax Product Filter - SQL Injection

WCAPF WooCommerce Ajax Product Filter <= 4.2.3 contains a time-based SQL injection caused by insufficient escaping of the 'post-author' parameter, letting unauthenticated attackers extract sensitive database information remotely. id: CVE-2026-3396 info: name: WCAPF WooCommerce Ajax Product Filter ...

CVSS 7.5, AI score 5.8, EPSS 0.01473
Exploits: 0, References: 2

NVD
added 6 days ago, 7 views

CVE-2026-57643

Contributor SQL Injection in WP Post Author <= 3.9.1 versions...

CVSS 8.5, EPSS 0.00211
Exploits: 0, References: 1

Cvelist
added 6 days ago, 30 views

CVE-2026-57643 WordPress WP Post Author plugin <= 3.9.1 - SQL Injection vulnerability

Contributor SQL Injection in WP Post Author <= 3.9.1 versions...

CVSS 8.5, EPSS 0.00211
Exploits: 0, References: 1

CVE
added 6 days ago, 12 views

CVE-2026-57643

WP Post Author plugin for WordPress, versions

CVSS 8.5, AI score 5.8, EPSS 0.00211
Exploits: 0, References: 1

EUVD
added 6 days ago, 6 views

EUVD-2026-39758

Contributor SQL Injection in WP Post Author <= 3.9.1 versions...

CVSS 8.5, AI score 5.8, EPSS 0.00211
Exploits: 0, References: 1

Patchstack
added 6 days ago, 4 views

WordPress WP Post Author plugin <= 3.9.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hhhai in WordPress Plugin WP Post Author versions <= 3.9.1...

CVSS 8.5, AI score 5.8, EPSS 0.00211
Exploits: 0, Affected Software: 1

RedhatCVE
added 2026/06/05 7:21 p.m., 9 views

CVE-2026-3396

WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

CVSS 7.5, AI score 5.7, EPSS 0.01473
Exploits: 0, References: 1

NVD
added 2026/05/29 7:16 a.m., 20 views

CVE-2026-6275

The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.1. This is due to insufficient output escaping on the post author's nickname in the statcounter_addToTags function. The function is hooked to wp_head...

CVSS 6.4, EPSS 0.00305
Exploits: 0, References: 6

CNNVD
added 2026/05/28 12:00 a.m., 8 views

WordPress plugin Timetable and Event Schedule by MotoPress Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 4.3, AI score 5.8, EPSS 0.00218
Exploits: 0, References: 6

Cvelist
added 2026/05/20 6:00 a.m., 42 views

CVE-2026-7385 Decent Comments < 3.0.2 - Unauthenticated Email Address Disclosure

The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attackers to enumerate registered user email addresses...

EPSS 0.00271
Exploits: 0, References: 1

CVE
added 2026/05/20 6:00 a.m., 22 views

CVE-2026-7385

The Decent Comments WordPress plugin (prior to version 3.0.2) exposes comment author and post author email addresses via its REST API without access restrictions, enabling unauthenticated users to enumerate registered email addresses. Root cause: insufficient access controls on the REST endpoint....

CVSS 5.8, AI score 5.8, EPSS 0.00271
Exploits: 0, References: 1

Patchstack
added 2026/05/01 9:15 a.m., 6 views

WordPress WP Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars plugin <= 3.8.3 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WP Post Author versions <= 3.8.3...

CVSS 6.1, AI score 5.8, EPSS 0.00276
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2026/04/29 4:16 p.m., 7 views

CVE-2026-40229

Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML...

CVSS 5.4, EPSS 0.00177
Exploits: 1, References: 2

EUVD
added 2026/04/29 3:34 p.m., 4 views

EUVD-2026-26244

Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML...

CVSS 5.1, AI score 5, EPSS 0.00177
Exploits: 1, References: 2

Cvelist
added 2026/04/29 3:34 p.m., 34 views

CVE-2026-40229 Helpy 2.8.0 - Stored XSS in post author display via PostsHelper

Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML...

CVSS 5.1, EPSS 0.00177
Exploits: 1, References: 2

CNNVD
added 2026/04/29 12:00 a.m., 9 views

Helpy Cross-Site Scripting Vulnerability

Helpy is an open-source customer support application developed by the American company Helpy. This program includes features such as a knowledge base, community discussions, and email support. Version 2.8.0 of Helpy contains a cross-site scripting vulnerability, which stems from the storage-based...

CVSS 5.4, AI score 5.8, EPSS 0.00177
Exploits: 1, References: 1

EUVD
added 2026/04/08 12:31 p.m., 7 views

EUVD-2026-20453

WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

CVSS 7.5, AI score 5.9, EPSS 0.01473
Exploits: 0, References: 7

NVD
added 2026/04/08 12:16 p.m., 4 views

CVE-2026-3396

WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

CVSS 7.5, EPSS 0.01473
Exploits: 0, References: 6

Cvelist
added 2026/04/08 11:16 a.m., 258 views

CVE-2026-3396 WCAPF – WooCommerce Ajax Product Filter <= 4.2.3 - Unauthenticated Time-Based SQL Injection

WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

CVSS 7.5, EPSS 0.01473
Exploits: 0, References: 6

ATTACKERKB
added 2026/04/08 11:16 a.m., 2 views

CVE-2026-3396

WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

CVSS 7.5, AI score 5.9, EPSS 0.01473
Exploits: 0, References: 7