Lucene search
K

332 matches found

Nuclei
Nuclei
added yesterday67 views

Ads Pro Plugin <= 4.88 - Unauthenticated SQL Injection

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the 'aid' parameter in all versions up to, and including, 4.88 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

7.5CVSS7AI score0.01566EPSS
Exploits0References3
Nuclei
Nuclei
added 2 days ago30 views

Ads Pro Plugin <= 4.89 - Local File Inclusion

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.89 via the 'bsatemplate' parameter of the bsapreviewcallback function. This makes it possible for unauthenticated attackers to includ...

9.8CVSS6.5AI score0.28162EPSS
Exploits1References2
CVE
CVE
added 5 days ago15 views

CVE-2026-11426

CVE-2026-11426 concerns the UnderConstructionPage PRO plugin for WordPress. The vulnerability, present in all versions up to 5.76, allows Arbitrary File Read via the template_thumbnail parameter, where local file paths are copied into a publicly accessible uploads file. This permits authenticated...

6.5CVSS6.2AI score0.00308EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42759

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability exists in the loginpressondiscordlogin Discord OAuth callback handler, which accepts the email field returned by Discord's...

8.1CVSS5.9AI score0.00347EPSS
Exploits0References3
CVE
CVE
added 2026/07/02 11:15 a.m.14 views

CVE-2026-57426

The provided data identifies an Unauthenticated Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Modula – PRO , versions ≤ 2.10.8. Affected component is the Modula – PRO plugin for WordPress. The entry does not specify the root cause, affected files/functions, or the exact payload...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/29 2:47 p.m.6 views

WordPress Admin and Site Enhancements (ASE) Pro plugin <= 8.8.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Admin and Site Enhancements ASE Pro versions = 8.8.5...

9.6CVSS5.8AI score0.00269EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/25 8:9 a.m.6 views

WordPress Dokan Pro plugin <= 5.0.4 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by lb in WordPress Plugin Dokan Pro versions = 5.0.4...

7.5CVSS6AI score0.00273EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/25 4:17 a.m.8 views

CVE-2026-12077

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.5CVSS0.00273EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 4:17 a.m.11 views

CVE-2026-12079

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ’orderby’ parameter in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5CVSS0.00224EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 3:42 a.m.5 views

EUVD-2026-39166

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.5CVSS6AI score0.00273EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 3:42 a.m.6 views

EUVD-2026-39165

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ’orderby’ parameter in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5CVSS6AI score0.00224EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 5:33 a.m.13 views

EUVD-2026-37992

The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.8.0 via the docstyle parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code ...

9.8CVSS6.5AI score0.00886EPSS
Exploits2References3
Cvelist
Cvelist
added 2026/06/16 9:25 p.m.25 views

CVE-2026-25470 WordPress ACPT (Pro) - Custom Post Types plugin for WordPress plugin <= 2.0.47 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in ACPT ACPT Pro - Custom Post Types Plugin for WordPress allows Remote Code Inclusion. This issue affects ACPT Pro - Custom Post Types Plugin for WordPress: from n/a through 2.0.47...

10CVSS0.00414EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.14 views

PT-2026-50086

Name of the Vulnerable Software and Affected Versions ACPT Pro - Custom Post Types Plugin for WordPress versions prior to 2.0.48 Description Improper Control of Generation of Code allows for Remote Code Inclusion and unauthenticated Remote Code Execution RCE. This issue enables an attacker to...

10CVSS5.6AI score0.00414EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/15 6:0 a.m.41 views

CVE-2026-8935 Advanced Google Maps < 6.1.1 - Unauthenticated Administrator Account Creation

The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any frontend page enqueuing its map script, unconditionally creates an administrator account and returns a magic-login URL granting interactive admin acces...

0.00268EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 6:0 a.m.8 views

CVE-2026-8935 Advanced Google Maps < 6.1.1 - Unauthenticated Administrator Account Creation

The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any frontend page enqueuing its map script, unconditionally creates an administrator account and returns a magic-login URL granting interactive admin acces...

5.2AI score0.00268EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/11 8:25 a.m.12 views

WordPress Open User Map PRO plugin <= 1.4.31 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Hunter Jensen skid in WordPress Plugin Open User Map PRO versions = 1.4.31...

4.7CVSS5.4AI score0.00188EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.14 views

CVE-2026-8732

The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmptempaccessajax AJAX action being registered with wpajaxnopriv and protected only by a nonce check using the...

9.8CVSS5.7AI score0.09461EPSS
Exploits7References1
GithubExploit
GithubExploit
added 2026/06/02 2:51 a.m.112 views

Exploit for CVE-2026-8732

WP Maps Pro Unauthenticated Stored Cross-Site Scripting CVE-2...

9.8CVSS5.9AI score0.09461EPSS
Exploits7
GithubExploit
GithubExploit
added 2026/05/30 6:42 a.m.177 views

Exploit for CVE-2026-8732

CVE-2026-8732 - WP Maps Pro &checktemp=false' 3. Login via...

9.8CVSS5.8AI score0.09461EPSS
Exploits7
Rows per page
Query Builder