Lucene search
K

617 matches found

redhatcve
redhatcve
added 2026/03/26 5:2 p.m.4 views

CVE-2026-32537

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in nK Visual Portfolio, Photo Gallery & Post Grid visual-portfolio allows PHP Local File Inclusion.This issue affects Visual Portfolio, Photo Gallery & Post Grid: from n/a through =...

7.5CVSS5.8AI score0.003EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/03/25 4:15 p.m.3 views

CVE-2026-32537 WordPress Visual Portfolio, Photo Gallery & Post Grid plugin <= 3.5.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in nK Visual Portfolio, Photo Gallery & Post Grid visual-portfolio allows PHP Local File Inclusion.This issue affects Visual Portfolio, Photo Gallery & Post Grid: from n/a through =...

7.5CVSS5.8AI score0.003EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/03/25 12:0 a.m.8 views

WordPress plugin Visual Portfolio, Photo Gallery & Post Grid 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

7.5CVSS5.8AI score0.003EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/03/25 12:0 a.m.11 views

PT-2026-28051

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in nK Visual Portfolio, Photo Gallery & Post Grid visual-portfolio allows PHP Local File Inclusion.This issue affects Visual Portfolio, Photo Gallery & Post Grid: from n/a through =...

5.8AI score0.003EPSS
Exploits0References2
nvd
nvd
added 2026/03/04 2:15 a.m.8 views

CVE-2026-1273

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.8 via the /ultp/v3/starterdummypost/ and /ultp/v3/starterimportcontent/ REST API endpoints. This makes it possible...

7.2CVSS0.00313EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/03/04 12:0 a.m.4 views

PT-2026-22856

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.8 via the /ultp/v3/starter dummy post/ and /ultp/v3/starter import content/ REST API endpoints. This makes it...

7.2CVSS6AI score0.00313EPSS
Exploits0References7
cvelist
cvelist
added 2026/02/11 9:27 a.m.30 views

CVE-2026-2295 WPZOOM Addons for Elementor – Starter Templates & Widgets <= 1.3.2 - Unauthenticated Protected Post Exposure via ajax_post_grid_load_more

The WPZOOM Addons for Elementor – Starter Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajaxpostgridloadmore' function in all versions up to, and including, 1.3.2. This makes it possible for unauthenticated attacker...

5.3CVSS0.00325EPSS
Exploits0References3
patchstack
patchstack
added 2026/02/10 11:27 p.m.7 views

WordPress WPZOOM Addons for Elementor - Starter Templates & Widgets plugin <= 1.3.2 - Unauthenticated Protected Post Exposure via ajax_post_grid_load_more vulnerability

WordPress WPZOOM Addons for Elementor - Starter Templates & Widgets plugin = 1.3.2 - Unauthenticated Protected Post Exposure via ajaxpostgridloadmore vulnerability discovered by Webbernaut in WordPress Plugin WPZOOM Addons for Elementor versions = 1.3.2...

5.3CVSS5.5AI score0.00325EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2026/02/08 7:13 a.m.8 views

CVE-2025-13463

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Grid component in all versions up to, and including, 5.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access...

6.4CVSS5.5AI score0.00245EPSS
Exploits0References1
nvd
nvd
added 2026/02/07 6:16 a.m.5 views

CVE-2025-13463

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Grid component in all versions up to, and including, 5.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access...

6.4CVSS0.00245EPSS
Exploits0References3
cvelist
cvelist
added 2026/02/07 5:52 a.m.26 views

CVE-2025-13463 Bold Page Builder <= 5.5.3 - Authenticated (Author+) Stored DOM-based Cross-Site Scripting in Post Grid

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Grid component in all versions up to, and including, 5.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access...

6.4CVSS0.00245EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/02/07 5:52 a.m.5 views

CVE-2025-13463 Bold Page Builder <= 5.5.3 - Authenticated (Author+) Stored DOM-based Cross-Site Scripting in Post Grid

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Grid component in all versions up to, and including, 5.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access...

6.4CVSS5.7AI score0.00245EPSS
Exploits0References3
cve
cve
added 2026/02/07 5:52 a.m.17 views

CVE-2025-13463

CVE-2025-13463 affects the Bold Page Builder WordPress plugin (Post Grid component) up to version 5.5.3. It is a Stored DOM-based Cross-Site Scripting vulnerability caused by insufficient input sanitization and output escaping. Exploitation requires Author-level access or higher, and injected scr...

6.4CVSS5.6AI score0.00245EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/02/07 5:52 a.m.4 views

CVE-2025-13463

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Grid component in all versions up to, and including, 5.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access...

6.4CVSS5.6AI score0.00245EPSS
Exploits0References4
euvd
euvd
added 2026/02/07 5:52 a.m.6 views

EUVD-2025-206895

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Grid component in all versions up to, and including, 5.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access...

6.4CVSS5.6AI score0.00245EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/02/07 12:0 a.m.8 views

WordPress plugin Bold Page Builder 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.7AI score0.00245EPSS
Exploits0References4
patchstack
patchstack
added 2026/02/06 11:26 p.m.7 views

WordPress Bold Page Builder plugin <= 5.5.3 - Authenticated (Author+) Stored DOM-based Cross-Site Scripting in Post Grid vulnerability

Authenticated Author+ Stored DOM-based Cross-Site Scripting in Post Grid vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Bold Page Builder versions = 5.5.3...

6.4CVSS5.3AI score0.00245EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2026/02/03 5:30 a.m.5 views

CVE-2026-0950 Spectra Gutenberg Blocks <= 2.19.17 - Unauthenticated Information Disclosure in Sensitive Data

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.19.17. This is due to the plugin failing to check postpasswordrequired before rendering post excerpts in the renderexcerpt...

5.3CVSS5.4AI score0.00346EPSS
Exploits0References10
patchstack
patchstack
added 2026/02/02 7:56 p.m.5 views

WordPress Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks plugin <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks plugin = 2.2.80 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Post Grid and Gutenberg Blocks versions = 2.2.80...

6.4CVSS5.3AI score0.00263EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2026/02/02 2:36 p.m.7 views

WordPress Exclusive Addons for Elementor plugin <= 2.6.9.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Post Grid vulnerability

AuthenticatedContributor+ Stored Cross-Site Scripting via Post Grid vulnerability discovered by wesley wcraft in WordPress Plugin Exclusive Addons Elementor versions = 2.6.9.2...

6.4CVSS5.3AI score0.00434EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder