2289 matches found

Cvelist
added 2026/06/23 6:0 a.m., 40 views

CVE-2026-8163 Infility Global < 2.15.19 - Subscriber+ SQL Injection via order Parameter

The Infility Global WordPress plugin before 2.15.19 does not properly sanitize and escape some parameters before using them in SQL statements, leading to a SQL Injection vulnerability exploitable by authenticated users with Subscriber-level access and above...

EPSS: 0.00239
Exploits: 0, References: 1

ATTACKERKB
added 2026/06/19 4:31 a.m., 6 views

CVE-2026-9013

The Bogo plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.1 via the bogorestcreateposttranslation. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the raw title, content, excerpt,...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00254
Exploits: 0, References: 10

Cvelist
added 2026/06/19 4:31 a.m., 27 views

CVE-2026-9013 Bogo <= 3.9.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via REST API

The Bogo plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.1 via the bogorestcreateposttranslation. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the raw title, content, excerpt,...

CVSS: 4.3, EPSS: 0.00254
Exploits: 0, References: 9

Positive Technologies
added 2026/06/19 12:0 a.m., 20 views

PT-2026-50847

Name of the Vulnerable Software and Affected Versions: Bogo plugin for WordPress versions prior to 3.9.2. Description: An issue exists where authenticated attackers with subscriber-level access and above can extract the raw title, content, excerpt, and password of private, draft, or password-protect...

CVSS: 4.3, AI score: 5.9, EPSS: 0.00254
Exploits: 0, References: 17

Patchstack
added 2026/06/18 4:0 p.m., 7 views

WordPress Bogo plugin <= 3.9.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Information Exposure vulnerability discovered by Andrew Lacambra in WordPress Plugin Bogo versions <= 3.9.1...

CVSS: 4.3, AI score: 5.3, EPSS: 0.00254
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2026/06/17 9:50 a.m., 13 views

CVE-2026-40723

The advisory describes CVE-2026-40723 as a Broken Access Control issue in the WordPress Bricks Builder theme, affecting versions

CVSS: 4.3, AI score: 5.1, EPSS: 0.00243
Exploits: 0, References: 1

CVE
added 2026/06/16 8:57 p.m., 14 views

CVE-2025-69137

Technical details about CVE-2025-69137 are not provided in the supplied connected documents. The records only indicate a broken access control issue in Genemy theme

CVSS: 6.5, AI score: 5.1, EPSS: 0.00299
Exploits: 0, References: 1

EUVD
added 2026/06/16 7:46 a.m., 9 views

EUVD-2026-37041

The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fldrttl' parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS: 6.4, AI score: 5.5, EPSS: 0.00235
Exploits: 0, References: 9

CVE
added 2026/06/15 8:19 p.m., 13 views

CVE-2026-52697

CVE-2026-52697 affects the WordPress Taskbuilder plugin (versions <= 5.0.7). The vulnerability is an SQL Injection in the Taskbuilder component, with CVSSv3.1 metrics indicating a high-severity issue (8.5) that is network-exploitable, requires low privileges, and does not require user interact...

CVSS: 8.5, AI score: 5.7, EPSS: 0.00339
Exploits: 0, References: 1

Vulnrichment
added 2026/06/15 8:19 p.m., 5 views

CVE-2026-52697 WordPress Taskbuilder plugin <= 5.0.7 - SQL Injection vulnerability

Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions...

CVSS: 8.5, AI score: 5.7, EPSS: 0.00339
Exploits: 0, References: 1

CVE
added 2026/06/15 8:18 p.m., 10 views

CVE-2026-42651

CVE-2026-42651 affects the WordPress Classified Listing plugin (versions

CVSS: 6.3, AI score: 5.1, EPSS: 0.00242
Exploits: 0, References: 1

CVE
added 2026/06/15 8:18 p.m., 13 views

CVE-2026-39518

The CVE pertains to WordPress EventPrime plugin versions

CVSS: 7.1, AI score: 5.2, EPSS: 0.00278
Exploits: 0, References: 1

Positive Technologies
added 2026/06/15 12:0 a.m., 8 views

PT-2026-49208

WordPress Booking Calendar Contact Form 1.0.23 contains privilege escalation and stored cross-site scripting vulnerabilities that allow authenticated users to modify plugin options and inject malicious scripts by failing to verify user privileges and sanitize input parameters. Attackers with...

CVSS: 6.4, AI score: 5.2, EPSS: 0.00231
Exploits: 0, References: 4

Cvelist
added 2026/06/09 3:41 a.m., 34 views

CVE-2026-8977 WP GDPR Cookie Consent <= 1.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'ninja_gdpr_ajax_actions' AJAX Action

The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ninja_gdpr_ajax_actions' AJAX action in versions up to, and including, 1.0.0. This is due to missing capability and nonce checks on the handleAjaxCalls function, combined with insufficient input...

CVSS: 6.4, EPSS: 0.00188
Exploits: 0, References: 5

CVE
added 2026/06/09 3:41 a.m., 20 views

CVE-2026-8977

The WP GDPR Cookie Consent plugin for WordPress (versions up to and including 1.0.0) is vulnerable to Stored Cross-Site Scripting via the ninja_gdpr_ajax_actions AJAX action. The root cause is multi-fold: missing capability and nonce checks in handleAjaxCalls(), insufficient input sanitization of...

CVSS: 6.4, AI score: 5.7, EPSS: 0.00188
Exploits: 0, References: 5

Patchstack
added 2026/06/08 8:48 p.m., 10 views

WordPress User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin <= 4.3.2 - Missing Authorization to Authenticated (Subscriber+) Subscription Pack Cancellation vulnerability

Missing Authorization to Authenticated Subscriber+ Subscription Pack Cancellation vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin WP User Frontend versions <= 4.3.2...

CVSS: 4.3, AI score: 5.5, EPSS: 0.00153
Exploits: 0, References: 1, Affected Software: 1

RedhatCVE
added 2026/06/06 6:43 p.m., 15 views

CVE-2026-5411

The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 5.38. This is due to a capability check in the saveajax function of the licensing module,...

CVSS: 8.8, AI score: 6.1, EPSS: 0.00449
Exploits: 0, References: 1

ATTACKERKB
added 2026/06/06 3:28 a.m., 5 views

CVE-2026-8611

The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoice_id' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

CVSS: 4.3, AI score: 5.6, EPSS: 0.00234
Exploits: 0, References: 9

Vulnrichment
added 2026/06/06 3:28 a.m., 7 views

CVE-2026-8611 Klamra Paycal for Aspaclaria <= 1.1.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Exposure via 'invoice_id' Parameter

The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoice_id' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

CVSS: 4.3, AI score: 5.6, EPSS: 0.00234
Exploits: 0, References: 8

Cvelist
added 2026/06/06 3:28 a.m., 37 views

CVE-2026-8611 Klamra Paycal for Aspaclaria <= 1.1.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Exposure via 'invoice_id' Parameter

The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoice_id' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

CVSS: 4.3, EPSS: 0.00234
Exploits: 0, References: 8