21261 matches found
Giga Messenger WordPress - Cross-Site Scripting
Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...
Joplin 3.3.3 Server - Privilege Escalation
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior to version 3.3.3, a privilege escalation vulnerability exists in the Joplin server, allowing non-admin users to exploit the API endpoint PATCH /api/users/-id t...
CVE-2026-12385
CVE-2026-12385 affects the Smart Slider 3 WordPress plugin up to version 3.5.1.37. The issue is a Sensitive Information Exposure via the keyword parameter, enabling authenticated attackers with contributor-level access and above to extract titles and full content excerpts from private, draft, pen...
CVE-2026-57719
creationtimestamp| type| source ---|---|--- 2026-07-13 11:20:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqjl4ur7zb2b 2026-07-13 11:23:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjlchorxn24 2026-07-13 11:29:15+00:00| seen|...
CVE-2026-57726
creationtimestamp| type| source ---|---|--- 2026-07-13 11:18:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjkzjborp27 2026-07-13 11:18:32+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjl23jjqs2w 2026-07-13 11:22:05+00:00| seen|...
CVE-2026-61971
Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture metronet-profile-picture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Profile Picture: from n/a through = 2.6.3...
CVE-2026-57771
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Milan Petrovic GD Rating System gd-rating-system allows Blind SQL Injection.This issue affects GD Rating System: from n/a through = 3.7...
CVE-2026-57734
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Composer td-composer allows Reflected XSS.This issue affects tagDiv Composer: from n/a through = 5.4.3...
CVE-2026-57719
Unrestricted Upload of File with Dangerous Type vulnerability in CodeRevolution Aimogen Pro aimogen-pro allows Using Malicious Files.This issue affects Aimogen Pro: from n/a through = 2.8.3...
CVE-2026-57391
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tangible Loops & Logic tangible-loops-and-logic allows Stored XSS.This issue affects Loops & Logic: from n/a through = 4.2.3...
CVE-2026-57383
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eyecix JobSearch wp-jobsearch allows Stored XSS.This issue affects JobSearch: from n/a through = 3.2.9...
CVE-2026-57382
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mitchell Bennis Simple File List simple-file-list allows Reflected XSS.This issue affects Simple File List: from n/a through = 6.3.8...
CVE-2026-10103
creationtimestamp| type| source ---|---|--- 2026-07-13 09:48:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjfz3xeav2g 2026-07-13 09:49:50+00:00| seen| https://bsky.app/profile/qiancx.bsky.social/post/3mqjg3ih5wi2l 2026-07-13 09:49:51+00:00| seen|...
CVE-2026-9708
creationtimestamp| type| source ---|---|--- 2026-07-13 09:41:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjflymjrr25 2026-07-13 09:51:01+00:00| seen| https://bsky.app/profile/qiancx.bsky.social/post/3mqjg5lvm5z2d 2026-07-13 09:51:01+00:00| seen|...
CVE-2026-6850
creationtimestamp| type| source ---|---|--- 2026-07-13 09:38:05+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjfgfdc4x26 2026-07-13 09:48:04+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjfycu6co22 2026-07-13 09:48:06+00:00| seen|...
CVE-2026-61971
The CVE covers the WordPress plugin Metronet Profile Picture (Cozmoslabs User Profile Picture) insecure direct object references affecting versions
CVE-2026-57398 WordPress Real Estate Manager Pro plugin <= 12.8.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebCodingPlace Real Estate Manager Pro real-estate-manager-pro allows Reflected XSS.This issue affects Real Estate Manager Pro: from n/a through = 12.8.3...
CVE-2026-57391 WordPress Loops & Logic plugin <= 4.2.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tangible Loops & Logic tangible-loops-and-logic allows Stored XSS.This issue affects Loops & Logic: from n/a through = 4.2.3...
CVE-2026-57734
The CVE concerns WordPress tagDiv Composer (td-composer). Affected: tagDiv Composer
CVE-2026-57379 WordPress FormyChat plugin <= 2.15.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPPOOL FormyChat social-contact-form allows Stored XSS.This issue affects FormyChat: from n/a through = 2.15.3...