
17115 matches found

NVD
added 6 hours ago, 4 views

CVE-2026-57690

Unauthenticated Cross Site Request Forgery CSRF in Werkstatt <= 4.7.2 versions...

CVSS 4.3
Exploits: 0, References: 1
NVD
added 6 hours ago, 3 views

CVE-2026-57689

Subscriber Broken Access Control in Werkstatt <= 4.7.2 versions...

CVSS 4.3
Exploits: 0, References: 1
NVD
added 6 hours ago, 2 views

CVE-2026-57669

Subscriber Broken Access Control in Advanced Contact form 7 DB <= 2.0.9 versions...

CVSS 6.5
Exploits: 0, References: 1
NVD
added 6 hours ago, 2 views

CVE-2026-57343

Unauthenticated Cross Site Scripting XSS in Real Estate 7 <= 3.5.9 versions...

CVSS 7.1
Exploits: 0, References: 1
NVD
added 6 hours ago, 2 views

CVE-2026-27404

Unauthenticated Cross Site Scripting XSS in LMS <= 9.7 versions...

CVSS 7.1
Exploits: 0, References: 1
NVD
added 6 hours ago, 2 views

CVE-2026-27060

Contributor PHP Object Injection in ARMember Premium <= 7.0 versions...

CVSS 8.8
Exploits: 0, References: 1
NVD
added 6 hours ago, 2 views

CVE-2025-69153

Unauthenticated Cross Site Scripting XSS in Trendy Travel <= 6.7 versions...

CVSS 7.1
Exploits: 0, References: 1
NVD
added 6 hours ago, 2 views

CVE-2025-69155

Unauthenticated Cross Site Scripting XSS in Fitness Zone WordPress Theme <= 5.7 versions...

CVSS 7.1
Exploits: 0, References: 1
CVE
added 7 hours ago, 11 views

CVE-2026-57689

The CVE-2026-57689 entry concerns the WordPress Werkstatt theme (versions up to 4.7.2) with a Broken Access Control flaw. Affected component: Werkstatt WordPress theme; root cause: broken access control mechanisms in version <= 4.7.2. Impact: unauthorized access to restricted functionality, as...

CVSS 4.3, AI score 5.8
Exploits: 0, References: 1
Cvelist
added 7 hours ago, 4 views

CVE-2026-57687 WordPress Custom Field Template plugin <= 2.7.8 - SQL Injection vulnerability

Contributor SQL Injection in Custom Field Template <= 2.7.8 versions...

CVSS 8.5
Exploits: 0, References: 1
CVE
added 7 hours ago, 7 views

CVE-2026-57673

Technical details of CVE-2026-57673 are not publicly provided in the supplied documents. Monitor for updates from authoritative sources; the available entries indicate unauthenticated XSS in Optimole

CVSS 7.1, AI score 5.8
Exploits: 0, References: 1
CVE
added 7 hours ago, 6 views

CVE-2026-57669

The affected software is the WordPress plugin Advanced Contact form 7 DB (versions

CVSS 6.5, AI score 5.8
Exploits: 0, References: 1
Cvelist
added 7 hours ago, 3 views

CVE-2026-27404 WordPress LMS theme <= 9.7 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in LMS <= 9.7 versions...

CVSS 7.1
Exploits: 0, References: 1
Cvelist
added 7 hours ago, 3 views

CVE-2026-27060 WordPress ARMember Premium plugin <= 7.0 - PHP Object Injection vulnerability

Contributor PHP Object Injection in ARMember Premium <= 7.0 versions...

CVSS 8.8
Exploits: 0, References: 1
CVE
added 7 hours ago, 5 views

CVE-2025-69155

CVE-2025-69155 affects the Fitness Zone WordPress Theme up to version 5.7. It is described as an unauthenticated Cross Site Scripting (XSS) vulnerability in the theme, with CVSS v3.1 base score 7.1 (HIGH). Attack vector: NETWORK; Attack complexity: LOW; Privileges required: NONE; User interaction...

CVSS 7.1, AI score 5.8
Exploits: 0, References: 1
CVE
added 7 hours ago, 4 views

CVE-2025-69154

CVE-2025-69154 affects the SpaLab | Beauty Salon WordPress Theme up to version 6.7. It is an unauthenticated Cross-Site Scripting (XSS) vulnerability in the theme. The CVSS v3.1 base score is 7.1 (HIGH) with network attack, no privileges required, user interaction required, and low impacts to con...

CVSS 7.1, AI score 5.8
Exploits: 0, References: 1
Cvelist
added 7 hours ago, 3 views

CVE-2025-69153 WordPress Trendy Travel theme <= 6.7 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Trendy Travel <= 6.7 versions...

CVSS 7.1
Exploits: 0, References: 1
Nuclei
added 9 hours ago, 17 views

Drag and Drop Multiple File Upload - CF7 <= 1.3.9.6 - Remote Code Execution

Drag and Drop Multiple File Upload for Contact Form 7 WordPress plugin <= 1.3.9.6 contains an unrestricted file upload caused by insufficient file type validation and bypass of filename sanitization with non-ASCII characters, letting unauthenticated attackers upload arbitrary files and achieve...

CVSS 8.1, AI score 6.1, EPSS 0.04175
Exploits: 3, References: 2
Nuclei
added 9 hours ago, 20 views

JoomSport <= 5.7.7 - SQL Injection

The JoomSport WordPress plugin through 5.7.7 is vulnerable to unauthenticated time-based blind SQL injection via the 'sortf' GET parameter in the player list view. The parameter value is backtick-wrapped and directly concatenated into an ORDER BY clause. id: CVE-2026-42647 info: name: JoomSport =...

CVSS 9.3, AI score 5.8, EPSS 0.01323
Exploits: 1, References: 4
Nuclei
added 9 hours ago, 9 views

Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006)

An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects. This issue affects Xperience through...

CVSS 9.8, AI score 6.1, EPSS 0.92161
Exploits: 1, References: 4